From kadie Mon May 20 01:32:34 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Mon May 20 01:32:13 EDT 1991
In this issue:
farber@central.cis : Re: Which
Sanjay Kapur
I appologize for the flooding of the list with that question re
libraries. It is due to the endless confusion of mail systems wrt
what to reply to (or maybe its mail system users). I always assume
its from the sender. In lists like this the sender is not who its
from!!! and thus the mail system replies to the from field.
-------------------
Date: Sun, 19 May 1991 14:54 EDT
From: Sanjay Kapur
Subject: Re: Which Rights?
Message-Id: <71D2016A10A0B502@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: kadie@eff.org (Carl Kadie)
>
>Does the lack of a central library authority mean that the Freedom To
>Read Statement is obsolete? I hope not.
>
>A newsgroup system *is* a library. If you make subscription decisions
>for other people, you *are* a librarian, even if your degree is in
>computer science and not library science. (You probably have other
>jobs too, of course). Please respect and defend your user's Freedom
>to Read.
>
>- Carl
That is exactly my point: A computer programmer should not be burdened with
the task of being a librarian. A Computer Scientist/programmer has not been
trained or should be responsible for defending a user's "Freedom to Read".
Librarians are trained in these matters. Subscription decisions should
therefore be made by professionally trained and experienced librarians.
Asking system administrators to make these decisions as well as asking them to
defend a user's freedom to read is wrong. It is not their job and should not be
their job.
Also, I did not mean to imply a monolithic library organization.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Sun, 19 May 91 15:28:06 GMT-0500
From: farber@central.cis.upenn.edu (David J. Farber)
Posted-Date: Sun, 19 May 91 15:28:06 GMT-0500
Message-Id: <9105192028.AA02426@pcpond.cis.upenn.edu>
Asking a professional to assume professional responsibilities -- like defending
freedom in their world, is NEVER wrong.
Librarians do not understand, as a whole, the new technologies and may need time to
acklimate.
> Sender: Sanjay Kapur
> Subject: Re: Which Rights?
>
> Asking system administrators to make these decisions as well as asking them to
> defend a user's freedom to read is wrong. It is not their job and should not be
> their job.
-------------------
Date: Sun, 19 May 91 12:58 MST
From: "Back to work! Pay now, play later?"
Subject: Smoking my socks?
Message-Id: <729E4B8C56FFE00E16@ccit.arizona.edu>
X-Vms-Cc: KAPLAN
(Cross posted to INFO-RISKS)
Dear comp-academic-freedom-talkers and EFFers,
By way of introduction, I am an independent consultant, free-lance
writer, technical trainer and front line VAX/VMS system manager.
In my consulting efforts, I specialize in VAX/VMS (moving to UNIX)
and DECnet (moving to OSI and TCP/IP) security. I lecture, teach and
consult all over the world and have a reputation for questioning
authority - especially when management is trying to blame
someone other than themselves for problems that they - themselves
- have caused. I am a regular columnist for Digital News (a freebie,
bi-weekly trade magazine for the DEC arena), where I write about
system and network security. In addition, I have a newsletter called
Views on DEC.
Below, please find a contribution to the flow of questions
surrounding RISKS. It is of note due to the fact that my editor at
Digital News refused to print it. Withstanding the fact that he and I
have quite different opinions about who my audience is and what
they want to hear, he insisted that the piece whined and did not
present anything that was worth considering - especially since I had
already written a short piece (that was heavily edited) about this
business of a convicted computer cracker being thrown out of a
recent DECUS Symposia. (For those of you who are not familiar with
it, DECUS is the world's largest - and most successful - by most
standards - vendor user group.)
My posting has two purposes: 1) To have you all give me a sanity
check - am I smoking my socks here, are there real issues here - or
is it just my aging paranoia that is driving me? 2) To seek comments
on the hard questions that I face every day in the dissemination of
security-related information.
Please send me mail or post!
Signed, a confused and concerned,
Ray Kaplan
Internet: kaplan@ccit.arizona.edu
BITNET: kaplan@arizrvax
Snalmail P.O. Box 42650, Tucson, AZ 85733-2650
Telco: (602) 323-4606 (ans service)
FAX: (602) 885-2925
-------------
The Distribution of Security-related Inofrmation
by Ray Kaplan
Ever wonder about the distribution of security-related information?
How about that of security problems and system and network attack
methodogolies? I assure you there are wideband channels that carry
this information in quantities that would very likely hurt your
sensitivities! The problem that you have is getting access to those
channels. Rather than being a technical problem, it is a political one.
Control of the distribution of this information is a religous issue with
the power brokers in this game.
For example, one form of this security-related information
distribution is communicating with the opposition. That is right,
talking directly to system and network crackers about what they do
and how they do it.. Come now - what better way to learn about how
to protect our systems and networks than to talk with those who
successfully penetrate our systems and networks? Who better to
teach us how foolish we are in our attempts to protect ourselves
against their assults! Seems quite logical to me, despite loud cries
from the power brokers in the security game that want you to
believe that communication with the enemy is a sin. Anyone seen
consorting with know computer criminals (even ex-computer
criminals) is assumed to have become the devil.
Off hand, I'd say that we - as a community of information system
professionals in this country's DEC user community - have failed
miserably in taking advantage of some of the major opportunities
that have come along to do this type of communication recently.
Take the Kevin Mitnick case. As I reported in the January 21st
Digital News, the DECUS U.S. Board of Directors ejected Kevin from the
Fall Symposium in Las Vegas in December 1990. This, apparently
under pressure from DEC. DEC is apparently still very upset with
Kevin for having successfully broken into their network some years
ago, despite the fact that he plead guilty to their charges, served his
time in prison and is still on very stiff probation. I have to keep
saying apparently since no one from DEC will even discuss the
matter with me. Pitty, since we should be loudly and energetically
congratulating DEC for their prosecution of Kevin Mitnick. According
to the Secret Service, most organizations that are attacked will not
prosecure due to the perception about the negative impact of the
publicity involved. Perhaps they are right. After all, would you
trust a bank that had been broken into?
With all of the rumor, misinformation and innuendo that has flown
about since that December DECUS episode, it is a wonder that any
good facts are becoming known at all. Pity, especially since Kevin
tells me that he is anxious to participate in the community by
helping us all protect our systems and networks. Until he got ejected
from the DECUS Symposia, he was more than willing to come
participate in DECUS panels and DECUS sessions where he could share
the excellent information and experience that he has with all of us. I,
for one, have been listening to him with all ears. Pity that DECUS
(and U.S. DEC?) has denied you the same opportunity.
While the DECUS U.S. Chapter Board of Directors is still busy insisting
that they have the right to throw anyone they want out of a U.S.
DECUS event, we all continue to miss excellent opportunities to learn
from highly skilled people like Kevin Mitnick. In their short sighted
view of the episode, the DECUS U.S. Board seems to be trying to
convince us that they are preventing system and network crackers
from attending DECUS U.S Chapter events and - therefore (I suppose)
- from fiddling with DEC's computers.
Meanwhile, many other DECUS Chapters in the world, a good many
non-U.S. DEC people., most of my clients and most of my technical
peers think the DECUS U.S. Board went off into the weeds when they
threw Kevin out of the Las Vegas Symposium. I, for one, side with
Eric Corley in his recent editorial on the matter in 2600 Magazine.
(2600 is the self-proclaimed Hacker Quarterly) I agree with Eric in
his idea that the DECUS U.S. chapter Board of Directors is absolutely
cracked if they think that they have prevented any system and
network crackers from coming to their DECUS events by their
arbitrary and capricious treatment of Kevin Mitnick. On the
contrary, all they have done is shown the system and network
cracker community how shallow and knee-jerk their thinking is.
After all, Kevin's convicted coconspiritor Lenny DiCicco was
permitted (apparently by both DEC and DECUS) to remain registered
as a normal attendee for the whole Symposia week while Kevin got
thrown out on his ear. I'm here to assure you that many other
highly skilled system and network crackers have taken careful note
of the U.S. DECUS reaction and now are comfortably withdrawn to the
extent that we may never get them to come out and talk to us. In all,
quite a substantial loss to our community, I'd say.
It is actually quite amusing. Highly skilled system and network
crackers tell me that attending any of the carefully controlled
security-related sessions at DECUS Symposia is so much like going to
kindergarten for them that they don't even bother to attend. Rather,
they opt for the more interesting programming and technical
sessions. Knowing this, I think someone should try to improve the
level of quality detail that we have access to by trying to get people
like Kevin involved in DECUS.
To demonstrate the difficulty of overcoming people's fear of the
enemy, Kevin and I have been both overtly and covertly harassed by
powerful people who do not want either of us to share any of our
security-related information except that which they deem as being
appropriate. Censorship at its very best. To add insult to injury,
these security establishment power brokers have tried to put me (as
a security consultant) in the same box as Kevin (as a convicted
computer felon). Silly me. I thought that Mcarthyism was something
in our past. (I must admit, I actually know and have fraternized
with some system and network crackers, Mr. Chairman.)
I'm sure that this will get all sorted out, but it will take a while. I
only hope that it happens in time for you to get some good
information that you can use to protect your systems and networks
from people like Kevin. Both he and I are getting grey as this fight
drags on and on.
In the meantime, I suggest that you may want to whistle up 2600.
You can reach them at:
2600 Magazine
P.O. Box 752
Middle Island, NY 11953
Send them $18.00 ($30.00 overseas) and they will send you a year's
worth. I'd also suggest that you buy a copy of the Winter, 1990 issue
(Volume 7, Number 4). It contains an excellent article entitled The
Hacker Reading List by Dr. Williams. Send them the $25.00 single-
back-issue price and they'll send it along to you.
In the meantime, consider that the distribution of security-related
information is handled a lot like the distribution of birth control
information in some churches - We just don't talk about such
matters might be what you'll hear (if they even admit that such
technology exists!)
On second thought, I guess that this is OK, though. After all, this
security game is largely a religion, anyway, isn't it? Think about it.
Aren't you acting on blind faith in believing that your systems and
networks are REALLY secure (whatever that means)? Without the
focused feedback from demonstrated experts like Kevin Mitnick, I
say that you'll never really know.
Copyright 1991 Ray Kaplan
-------------------
Date: Sun, 19 May 91 16:39:30 -0500
From: "Carl M. Kadie"
Message-Id: <9105192139.AA20294@herodotus.cs.uiuc.edu>
Subject: An aside: how to access on-line library catalogs via the internet.
Information on how to access on-line library catalogs via the internet
is available via anonymous ftp from nic.stolaf.edu (130.71.128.8).
Get the file /pub/doc/internet/internet.library. The file is almost
1/4 meg long.
- Carl
p.s. The file is available from many other locations, too.
-------------------
Date: Sun, 19 May 1991 20:39 EDT
From: Sanjay Kapur
Subject: Re: Which Rights?
Message-Id:
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: farber@central.cis.upenn.edu (David J. Farber)
>
>Asking a professional to assume professional responsibilities -- like
>defending freedom in their world, is NEVER wrong.
>
A professional should refuse to assume responsibilities in areas the
professional has no expertise in. This is what diffrentiates a professional
from an amateur. Defending freedom is not easy and has never been easy.
Untrained people can hurt the cause of freedom more than help it. That is not
to say that a person can not learn and become proficient in a new subject and
then become a "trained and experienced" professional in that area.
Also, a professional should not assume responsibilities unless directed to do
so by a duly authorized individual (i.e. their boss). If your boss directs
you to defend freedom as a professional and if you in your professional
opinion believe that you can do it, fine.
The American Library Association is a very good organization and has goals
that I mostly agree with. However, not being librarians, Computer
professionals are not obligated to follow ALA guidelines on anything. Quoting
ALA guidelines to Computer Professionals is like asking Librarians to follow
all the ACM guidelines.
>
>Librarians do not understand, as a whole, the new technologies and may need
>time to acclimate.
>
Computer professionals need a lot longer to acclimate to the "freedom"
business. Some computer professionals may be very good in this area but I
know a lot who do not understand the intricacies of the issue (Some would
say I am one of them, I disagree.). System administrators have to worry much
more about security and how to keep the system running than "freedom to read".
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
From kadie Wed May 22 00:09:51 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Wed May 22 00:09:10 EDT 1991
In this issue:
dirish@math.utah.e : Computer Programmers as System Administrators
Sanjay Kapur
Subject: Computer Programmers as System Administrators
I believe that Sanjay Kapur as hit the nail on the head. "A computer
programmer should not be burdened with the task of being a librarian."
In addition, a computer programmer should not be burdened with the
task of being a system administrator.
Anybody who thinks that the responsibilities of a system administrator
are limited to keeping the system up and system security is doing us a
disservice by calling him or herself a system administrator. Enough
said.
As for what is and isn't professional, anybody who thinks that the
limit of professional behavior is doing what your boss says is doing
us a disservice by calling him or herself a professional. Enough
said.
I am not interested in arguing over these points. If we are that far
from sharing a common language, then we have no basis for discussion.
We simply cannot communicate.
Remember, eternal vigilance is the price of freedom. If you wake up
tomorrow and can't read the books you want, don't blame the
librarians. Anybody who is unwilling to take the responsibility for
freedom is part of the problem.
Dudley Irish / dirish@math.utah.edu / Manager Computer Operations
Center for Scientific Computing, Dept of Mathematics, University of Utah
The views expressed in this message do not reflect the views of the
Dept of Mathematics, the University of Utah, or the State of Utah.
-------------------
Date: Mon, 20 May 1991 11:29 EDT
From: Sanjay Kapur
Subject: Re: Computer Programmers as System Administrators
Message-Id: <1E6ED8DBF0A04B2E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
I may have left some persons in this forum with the opinion that I am against
the "freedoms".
I am very much for the freedoms. I am just bringing up points that persons
opposed to these freedoms are very likely to bring up. Not discussing them
now, in this forum, will leave all of us without valid arguments later on.
>Sender: dirish@math.utah.edu
>I believe that Sanjay Kapur as hit the nail on the head. "A computer
>programmer should not be burdened with the task of being a librarian."
>In addition, a computer programmer should not be burdened with the
>task of being a system administrator.
>
I disagree. A computer programmer, with proper training, can become a
librarian or a systems administrator. It is the lack of training and time and
properly defined responsibilities that causes problems.
>Anybody who thinks that the responsibilities of a system administrator
>are limited to keeping the system up and system security is doing us a
>disservice by calling him or herself a system administrator. Enough
>said.
>
Please read again what I said, I never said that I believe that. What I said
is that most system administrators perceive that to be their job. That is what
it says in their job description and that is what their boss tells them to do.
Enough said.
>
>As for what is and isn't professional, anybody who thinks that the
>limit of professional behavior is doing what your boss says is doing
>us a disservice by calling him or herself a professional. Enough
>said.
>
What I said was that if you do not have expertise in a field, you are not a
professional. If your boss says do not meddle in "freedom" issues and you
still do, you are NOT a professional. You are a Meddler. You may be right to
meddle in it but then you would be doing that as an interested person and not
as a professional.
Enough said.
>I am not interested in arguing over these points. If we are that far
>from sharing a common language, then we have no basis for discussion.
>We simply cannot communicate.
>
You may not want to, but I am very much interested interested in discussing.
Enough said.
>Remember, eternal vigilance is the price of freedom. If you wake up
>tomorrow and can't read the books you want, don't blame the
>librarians. Anybody who is unwilling to take the responsibility for
>freedom is part of the problem.
>
I agree. But vigilance does not mean that you keep on saying "Enough said" and
telling someone that they are a "part of the problem". It means keeping an
open eye, ear and mind. Not a closed mind. A willingness to discuss and argue
your point, a willingness to teach your language to others so that you may
communicate and spread your ideas and listen to other ideas.
>Dudley Irish / dirish@math.utah.edu / Manager Computer Operations
>Center for Scientific Computing, Dept of Mathematics, University of Utah
>
>The views expressed in this message do not reflect the views of the
>Dept of Mathematics, the University of Utah, or the State of Utah.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
The above views may not belong to any division of the State of New York.
-------------------
Date: Mon, 20 May 91 11:35:28 EDT
From: Joe Brennan
Subject: Re: Computer Programmers as System Administrators
Message-Id:
Regarding the ALA Freedom to Read--
The point I was trying to make is that when the ALA says people should
have freedom to read, they do not mean to say the library will collect
every book printed. This is therefore not an ideal policy to cite if you
want to argue for receiving all netnews groups.
Two different analogies with libraries have been made: getting a
newsgroup and purchasing books for a library (me), and getting a
newsgroup and reading what's in the library. This disagreement probably
indicates the analogy is not a great fit! I guess I'm assuming that a
library would let you read what they own.
Instances of books being removed from libraries provide the most obvious
examples of censorship. Freedom to read better mean more than freedom to
read whatever gets into the library, though, because that would fail to
cover censorship at time of purchase. To me, there's no difference in
withdrawing "Huckleberry Finn" and not buying it to begin with... except
that the decision not to buy may be less noticeable unless you're looking
for something specific that you think should be there. It is important
to judge a library's whole policy as to both what they remove and what
they add.
Getting back to the original issue, though, some people here suggested a
university, business, etc, has no obligation to get talk and hobby
groups. This position is entirely consistent with the ALA statement.
Saying you have the right to read X is not saying your school or employer
needs to provide you with it! I have access to a 5-million volume
library here and still have to buy my own books and magazines for
hobbies. It's nice that I also have access to rec.* and alt.* but I'm
not sure how to argue by analogy that we NEED to get them.
Joe Brennan
-------------------
Date: Mon, 20 May 91 11:56:47 EDT
From: Joe Brennan
Subject: Re: Computer Programmers as System Administrators
Message-Id:
Sanjay Kapur says:
>What I said was that if you do not have expertise in a field, you are not a
>professional. If your boss says do not meddle in "freedom" issues and you
>still do, you are NOT a professional. You are a Meddler.
Nope, if you do only what your boss says, you're clerical staff. The
professionalism issue had been kicking around the library biz for 20
years or so and hits right on this issue. Librarians are supposed to
follow professional ethics regardless of what the boss says.
Physicians pledge to treat the way they judge best; lawyers pledge to
follow the laws; when they work for a clinic or law firm, that doesn't
change. Need of a job and other reasons may lead people to do what
the boss says, but at least let's recognize the conflict that creates.
Joe Brennan
-------------------
From: Aydin Edguer
Message-Id: <9105201614.AA23352@charlie.CES.CWRU.Edu>
Subject: Re: Which Rights?
Date: Mon, 20 May 91 12:14:22 EDT
X-Mailer: ELM [version 2.3 PL6]
As usual Carl has provided a well thought out and supported set of
arguments about the topic at hand. Thank you Carl. But I am still
forced to disagree.
> > The inescapable conclusion is that the proper place for newsgroups
> > etc. is the library and not a departmental or university computing
> > facility.
>
> This makes it sound as though the Library is a single building or
> single organization with some kind of a monopoly or franchise on
> circulating material. In fact, the location and administration of many
> libraries is now highly distributed.
You have pointed out how the library systems have chosen to help
overcome the limitations of their buying power. Rather than trying
to own all the books, the libraries are trying to provide the information
needed for a user to locate and secure the books from other libraries.
This is actually a good analogy to the USENET news capabilities.
Instead of requiring a library (or departmental facility) to obtain
all the books or magazines (newsgroups) a user can be expected to
obtain the information from other libraries (public access USENET
sites like ncoast or chinet) by the pointers provided by the library.
Some of these pointers may involve a cost to the user such as searching
through DIALOG databases (using UUNET or PSINET).
Rather than requiring a department or even a university to provide
all the newsgroups, one should think of what other resources a user
can access.
> Does the lack of a central library authority mean that the Freedom To
> Read Statement is obsolete? I hope not.
No. But the argument still stands that academic departments do have
roles. The department whose agenda best matches that of providing
USENET to a campus is the library. As you have pointed out, most
libraries _do_ have computer expertise or can locate it. Thus expecting
the library to assume the role of service provider is much more
reasonable than adding the role of librarian to a computer science
department.
> A newsgroup system *is* a library. If you make subscription decisions
> for other people, you *are* a librarian, even if your degree is in
> computer science and not library science.
In some sense of the word. But I am not sure that I agree with your
conclusions.
Example:
A CS department has decided to only subscribe to magazines that pertain
to computers. Generally this means journals by the IEEE and ACM.
They have chosen not to use their resources to get F&SF magazine.
As an academic department I would also see it as quite reasonable to
only receive the comp.* and some alt.* groups in a similar way that
it reasonable of that department to receive only CS journals.
Aydin Edguer
-------------------
Date: Mon, 20 May 1991 12:29 EDT
From: Sanjay Kapur
Subject: Re: Computer Programmers as System Administrators
Message-Id: <26BF5B8A70A0B045@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: Joe Brennan
>
>Nope, if you do only what your boss says, you're clerical staff. The
>professionalism issue had been kicking around the library biz for 20
>years or so and hits right on this issue. Librarians are supposed to
>follow professional ethics regardless of what the boss says.
>Physicians pledge to treat the way they judge best; lawyers pledge to
>follow the laws; when they work for a clinic or law firm, that doesn't
>change. Need of a job and other reasons may lead people to do what
>the boss says, but at least let's recognize the conflict that creates.
>
>Joe Brennan
>
We seem to have digressed from professional "responsibilities" to professional
"ethics". I agree that where ethics are concerned, a professional may have to
differ with the boss (and possibly loose their job in the process).
HOWEVER,
I do not know of any ethical guidelines for System administrators which
require them to give anyone any "freedoms".
Therefore the argument above about Librarians, physicians and lawyers is not
valid in the context of "Freedoms".
Maybe we should develop ethical guidelines on these issues and have them
approved by the relevant professional organizations?
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Mon, 20 May 91 13:01:09 -0400
From: kadie (Carl Kadie)
Message-Id: <9105201701.AA20625@eff.org>
Subject: Computer Programmers as System Administrators
Sanjay Kapur writes
> I do not know of any ethical guidelines for System administrators which
> require them to give anyone any "freedoms".
> Therefore the argument above about Librarians, physicians and lawyers is not
> valid in the context of "Freedoms".
> Maybe we should develop ethical guidelines on these issues and have them
> approved by the relevant professional organizations?
What is the relevent professional organization? Is there anything more
specific than ACM? Are there any system-administration professionals or
are only computer professionals who do system administration?
- Carl
-------------------
Date: Mon, 20 May 1991 13:48 EDT
From: Sanjay Kapur
Subject: Re: Computer Programmers as System Administrators
Message-Id: <31D646D8B0A0B045@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>What is the relevent professional organization? Is there anything more
>specific than ACM? Are there any system-administration professionals or
>are only computer professionals who do system administration?
>
>- Carl
>
>
Maybe someone more involved with professional organizations can give a
better answer but here is what I know:
ACM is certainly one organization. Another is the Computer Society of IEEE.
Then there are organizations like DECUS (for DEC) and SHARE (for IBM
mainframes). EDUCOM also has a certain role to play. The National Association
of Systems Programmers is another organization.
There are three kinds of system administrators:
1) Part time system managers: Students/faculty/staff looking after a small
computer that may belong to a research group or other small organization.
In my opinion, this is numerically the largest group and is also the group
least sensitive to the "freedoms" issue. By small computer, I mean a
computer with a small number of users.
2) Full time People who manage the system: This category is composed of
computer professionals by definition (my opinion).
3) People who manage the people who manage the system. (i.e. the Boss)
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
From: bbrown@pepvax.pepperdine.edu (Bruce Brown)
Message-Id: <9105210149.AA10778@pepvax.pepperdine.edu>
Subject: who protects freedom?
Date: Mon, 20 May 91 18:49:20 PDT
Cc: bbrown@pepvax.pepperdine.edu (Bruce Brown)
X-Mailer: ELM [version 2.2 PL10]
who is responsible for the protection of freedom?
everyone!!! artists, writers, filmakers and anyone
concerned about the free flow of information.
the right to create and distribute art and ideas
are basic to a free society.
wilhelm reich the enfant terrible of freud's inner
circle... had his books burned in the u.s.a. and
died in jail. he was self publishing his works
in which he stated that society was the patient.
*believe it or not*. bruce bbrown@137.159.8.1
-------------------
Date: Tue, 21 May 91 12:16:59 -0500
From: "Carl M. Kadie"
Message-Id: <9105211716.AA05013@m.cs.uiuc.edu>
Subject: FYI: 2ND CALL, COMPUTING & VALUES CONFERENCE, AUG 12-16
Path: m.cs.uiuc.edu!wuarchive!zaphod.mps.ohio-state.edu!uwm.edu!linac!att!ucbvax!tut.cis.ohio-state.edu!bgsuvax!maner
From: maner@bgsuvax.UUCP (Walter Maner)
Newsgroups: comp.org.eff.talk
Subject: 2ND CALL, COMPUTING & VALUES CONFERENCE, AUG 12-16
Message-ID: <7478@bgsuvax.UUCP>
Date: 21 May 91 06:48:28 GMT
Organization: Bowling Green State University B.G., Oh.
Lines: 61
The National Conference on Computing and Values will convene August
12-16, 1991, in New Haven, CT. N C C V / 91 is a project of the
National Science Foundation and the Research Center on Computing and
Society. Specific themes (tracks) include
- Computer Privacy & Confidentiality
- Computer Security & Crime
- Ownership of Software & Intellectual Property
- Equity & Access to Computing Resources
- Teaching Computing & Values
- Policy Issues in the Campus Computing Environment
The workshop structure of the conference limits participation to
approximately 400 registrants, but space *IS* still available at this
time (mid-May).
Confirmed speakers include Ronald E. Anderson, Daniel Appleman, John
Perry Barlow, Tora Bikson, Della Bonnette, Leslie Burkholder, Terrell
Ward Bynum, David Carey, Jacques N. Catudal, Gary Chapman, Marvin
Croy, Charles E. M. Dunlop, Batya Friedman, Donald Gotterbarn,
Barbara Heinisch, Deborah Johnson, Mitch Kapor, John Ladd, Marianne
LaFrance, Ann-Marie Lancaster, Doris Lidtke, Walter Maner, Diane
Martin, Keith Miller, James H. Moor, William Hugh Murray, Peter
Neumann, George Nicholson, Helen Nissenbaum, Judith Perolle, Amy
Rubin, Sanford Sherizen, John Snapper, Richard Stallman, T. C. Ting,
Willis Ware, Terry Winograd, and Richard A. Wright.
The registration fee is low ($175) and deeply discounted air fares are
available into New Haven.
To request a registration packet, please send your name, your email AND
paper mail addresses to ...
BITNet MANER@BGSUOPIE.BITNET
InterNet maner@andy.bgsu.edu (129.1.1.2)
or, by fax ...
(419) 372-8061
or, by phone ...
(419) 372-8719 (answering machine)
(419) 372-2337 (secretary)
or, by regular mail ...
Professor Walter Maner
Dept. of Computer Science
Bowling Green State University
Bowling Green, OH 43403 USA
With best wishes,
Terrell Ward Bynum and Walter Maner, Conference Co-chairs
--
InterNet maner@andy.bgsu.edu (129.1.1.2) | BGSU, Comp Science Dept
Relays maner%bgsu.edu@relay.cs.net | Bowling Green, OH 43403
maner%bgsu.edu@nsfnet-relay.ac.uk | 419/372-2337 Secretary
BITNet MANER@BGSUOPIE | 419/372-8061 Fax
-------------------
Date: Tue, 21 May 91 15:47:02 -0400
From: kadie (Carl Kadie)
Message-Id: <9105211947.AA06411@eff.org>
Subject: test 1
This is a test of the caf-talk mailing list to alt.comp.acad-freedom
gateway. I will post details soon. - Carl
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 21 May 1991 20:28:36 GMT
Message-Id: <1991May21.202836.7005@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: , <9105211947.AA06411@eff.org>=>
Subject: test 2
comp-academic-freedom-talk-request@eff.ORG writes:
>This is a test of the caf-talk mailing list to alt.comp.acad-freedom
>gateway. I will post details soon. - Carl
This is a test going the other direction.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
From kadie Thu May 23 09:26:24 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Thu May 23 09:26:08 EDT 1991
In this issue:
Dan Brown
Date: Wed, 22 May 91 11:43:14 -0400
From: Dan Brown
Subject: Something to chew on a bit...
It a violation of "academic rights/freedoms" for bounced mail to be sent to
the postmaster of an instalation?
As far as I know, this is common practice. It can be somewhat of an invasion
of privacy though. What kind of repercussions could this have on the academic
freedoms??
Later.
Dan
-------------------
Date: Wed, 22 May 91 12:05:54 EDT
From: "Fuat C. Baran"
Cc: fuat@cunixf.cc.columbia.edu
Office: 712 Watson, (212) 854-5128
Subject: Re: Something to chew on a bit...
Message-Id:
>It a violation of "academic rights/freedoms" for bounced mail to be sent to
>the postmaster of an instalation?
>
>As far as I know, this is common practice. It can be somewhat of an invasion
>of privacy though. What kind of repercussions could this have on the academic
>freedoms??
[Note: The opinions below are not an official statement of Columbia
University, though I am the postmaster.]
At Columbia Univ. (on the central academic systems), bounced mail that
goes to postmaster only contains the SMTP transaction log (contains
the bounce reason, such as "User unknown" or "Host unknown", etc.) and
and correct problems if they are in our local mailer, occasionally
help the sender by suggesting a correct address (this usually comes up
after a user sends to the same incorrect address 20 times in a row),
or contact the remote postmaster if it is a remote configuration
problem.
Note that this is a local modification to the Berkeley sendmail
(mailer) and not all mailers protect privacy to this extent. I
believe Sun's version of sendmail also behaves this way. Stock BSD
sendmail used to (and might still) send the SMTP transaction and
complete (including message body) outgoing message to postmaster on
bounces. Other mailers may also deliver complete messages to
postmaster. I don't think that is appropriate, since the only info a
postmaster really needs to keep the mail system functioning is the
error messages and headers.
I think disclosing header info is somewhat analogous to postal clerks
reading envelopes to determine how to route mail or return to sender
if undeliverable. Actually, I think they go a bit farther. I believe
they will open the envelope if they can't deliver or return a letter
due to insufficient info on the envelope.
--Fuat
P.S. Given that mail may go through several mailers at different
sites (possibly with different policies) before delivery at the final
destination, in general I would not recommend sending "sensitive"
information by email, at least not in plaintext.
Internet: fuat@columbia.edu U.S. MAIL: Columbia University
BITNET: fuat@cunixc Center for Computing Activities
UUCP: ...!rutgers!columbia!cunixf!fuat 712 Watson Labs, 612 W115th St.
Phone: (212) 854-5128 Fax: (212) 662-6442 New York, NY 10025
-------------------
Date: Wed, 22 May 91 23:57:25 -0500
From: "Carl M. Kadie"
Message-Id: <9105230457.AA06305@herodotus.cs.uiuc.edu>
Subject: "Academic Freedom and Catholic Higher Education"
~s A Brief History of Academic Freedom in the United States
[This is based on a chapter in the book "Academic Freedom and Catholic
Higher Education" by James John Annarelli, 1987, Greenwood Press. The
chapter title is "The Secular Model of Academic Freedom in the
United States: A Description Overview". - Carl Kadie]
The chapter opens: "The secular model of academic freedom commonly
accepted in the United States is composed of those definitions and
principles that are outlined and developed in the literature of the
AAUP. ... In principle Americans acknowledge the two complementary
elements of academic freedom that were first elaborated upon in
nineteenth-century Germany, Lernfreiheit and Lehrfreiheit -- freedom to
learn and freedom to teach. ..."
The AAUP's "1915 Declaration of Principles" defines faculty academic
freedom as made up of three parts "freedom of inquiry and research;
freedom of teaching within the university of college; and freedom of
extramural utterance and action." The Declaration states "Universities
shall be so free that no fair-minded person shall find any excuse for
even a suspicion that the utterances of university teachers are shaped
or restricted by the judgments, not of professional scholars, but of
inexpert and possibly not wholly disinterested persons outside their
ranks."
The chapter says, "In the extramural arena, the scholar is bound
neither by a norm of neutrality, nor by a norm of competence. The
freedom of the scholar to express his or her opinions on controversial
questions and issues -- even those that fall outside his or her area of
specialty -- must not be restricted."
The "1940 State on Principles on Academic Freedom and Tenure" says
that "the common good depends upon the free search for truth and its
free exposition."
The chapter says that the nineteenth-century German student also
possessed the privilege of academic freedom. This idea is was pretty
much lost in the 1915 Statement perhaps because the American
university differed from the German university. The US university took
parental responsibility. Also the German students were what Americans
would consider graduate students.
"Support for the student's right to due process of law first came from
the case of Dixon vs. Alabama State Board of Education ... . Students,
in good standing, were expelled from Alabama State College for
participating in a civil rights demonstration. They were expelled
without notice, hearing, or appeal, and thus claimed that they were
deprived of due process of law. The court ruled in the student's
favor."
In 1964 the AAUP issued the "1964 Statement on the Academic Freedom of
Students". With the help of other organizations, in 1967, this became
the "The Joint Statement on Rights and Freedoms of Students"
[Available via anonymous ftp from eff.org as file
academic/student.freedoms.]
The chapter says "[t]he Statement affirms that on the college campus,
students should enjoy freedom of association. 'Students and student
organization should be free to discuss all questions of interest to
them, and to express opinions publicly and privately.' They should be
entitled to invite and hear guest speakers of their choice. In this
regard, institutional control of facilities should never be used as a
method of censorship. Students should be fee to express their views on
institutional policy, and student publications should be immune from
censorship."
"The final section of the statement deals with disciplinary
procedures. Students should be held accountable only for standards of
conduct that have been formulated with student participation and
published in advance. A student accused of serious misconduct should
have the right to a hearing before a regularly constituted committee
that may be composed of both faculty and student members. The accused
should be entitled to choose an advisor for the hearing, to present
evidence and witnesses, and to testify on his or her own behalf."
The rest of the chapter talks about the theoretical justification
for academic freedom. The chapter as a whole contains numerous
references and whould serve as a good starting point for anyone
interested in the general issues of academic freedom.
- Carl
-------------------
Message-Id: <9105231059.AA03402@eff.org>
Date: Thu, 23 May 1991 06:57:54 EDT
From: Sally Webster
Subject: Need help with project
To those of you who get more than one copy of this, excuse the mutiple
postings. I want wide dissemination.
If you know of other lists to which this request should be sent, please
send mail directly to ACDSPW@SUVM. Thank you.
HELP NEEDED FOR EDUCOM PROJECT!!
=================================
The Educational Uses of Information Technology (EUIT) group of EDUCOM
has begun a new project, called colloquially "Ethics War Stories."
The product of this project will be a collection of case studies of
how colleges and universities handle breaches of their computer
policies, state & federal laws, network guidelines, and the computer
portions of their student and faculty handbooks.
We would like contributions from academic computing staff members,
faculty, deans, and other administrators
who have been responsible for formulating, interpreting, and
enforcing computing policies, state & federal laws, network guidelines,
and student codes of conduct.
The contributions should be in the form of a case study:
* introduce the institution and the faculty or staff who were
involved,
* explain the offense or breach and state which policies or laws were
breached,
* explain how the situation was handled (including final
outcomes for the student, staff, or faculty member), and
* point to any change in policy, educational effort, or enforcement
strategies if any occurred.
* give us the benefit of your experience, and advise your colleagues
who haven't had a baptism of fire
Please include the name, telephone number, and network address of a
contact person (possibly you?), so that details can be checked and
final permission sought before anything is published or otherwise
disseminated.
If you know of such instances which could be made into case studies,
but you were not directly involved, please send the names of people
we can talk to, and we'll take it from there.
We anticipate that while scenarios might not differ much across
institutions, outcomes at public institutions will likely differ from
those at private institutions. Beyond that, at this stage, we cannot
predict what other categories might emerge.
We expect to use this collection in one or more of these ways:
* as general background to inform government bodies of the types of
situations which we deal with
* as a "workbook" from which people can take specific ideas for handling
certain kinds of situations
* as a body of knowledge from which to draw conclusions which might
help institutions formulate or reformulate policy and structure
educational and enforcement strategies
We expect that some people will be willing to share their war stories
on condition that we not identify either them or their institution,
and we will be happy to do that.
Send your stories (or the names of people we can contact) to
Project Leader:
Sally Webster, Asst. Professor of Computer Applications, SUNY/CESF
Syracuse, NY, acdspw@suvm, 13 Moon Library, SUNY/CESF, Syracuse, N.Y.
13210
From kadie Fri May 24 19:23:50 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Fri May 24 19:23:21 EDT 1991
In this issue:
meckler@tigger.jvn : Re: "Academic Freedom and Catholic Higher Education"
Sanjay Kapur
Subject: Re: "Academic Freedom and Catholic Higher Education"
r1-14
-------------------
Date: Thu, 23 May 1991 11:45 EDT
From: Sanjay Kapur
Subject: Re: Something to chew on a bit...
Message-Id: <7C120038E6A0F080@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>I don't think that is appropriate, since the only info a
>postmaster really needs to keep the mail system functioning is the
>error messages and headers.
>
The job of a postmaster is much more than just to keep the "mail system
functioning". The postmaster is responsible for the delivery of mail and that
involves much more than simply keeping the postal vans in good repair.
Most of the times, at least the first few lines of the body of the message is
needed because it sometimes contains the first and or last name of the person.
Also, in the brave new world of mail gateways to X.400 and other mail systems
and SMTP mail, it is impossible for a program to figure out where the header
end and the body of the message starts.
>
>I think disclosing header info is somewhat analogous to postal clerks
>reading envelopes to determine how to route mail or return to sender
>if undeliverable. Actually, I think they go a bit farther. I believe
>they will open the envelope if they can't deliver or return a letter
>due to insufficient info on the envelope.
> --Fuat
This is the function of the Dead Letter office. This is what an electronic
postmaster does when forwarding misaddressed mail and therefore should be bound
by the same confidentiality rules governing the contents.
>
>P.S. Given that mail may go through several mailers at different
>sites (possibly with different policies) before delivery at the final
>destination, in general I would not recommend sending "sensitive"
>information by email, at least not in plaintext.
>
Not to mention interested intelligence agencies around the world doing
routine AI pattern matching.
My personal experience as an Electronic Postmaster for a Computer site with
over 3000 academic users:
Over the past two years, I must have forwarded several thousand misaddressed
mail messages. I have not disclosed the contents of even a single
misaddressed message to anyone (Except to my co-postmaster(s) when seeking
advise on a particularly undecipherable address).
I have got over a hundred thank-you-for-forwarding notes, some of them quite
profuse in their thanks.
I have yet to get a single objection to my having forwarded a misaddressed mail
message.
I believe that forwarding misaddressed mail is a fundamental responsibility of
the postmaster. Preserving the confidentiality of mail is also a fundamental
responsibility of the postmaster.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 23 May 91 13:05:53 EDT
From: "Fuat C. Baran"
Cc: fuat@cunixf.cc.columbia.edu
Office: 712 Watson, (212) 854-5128
Subject: Re: Something to chew on a bit...
Message-Id:
Sanjay Kapur writes:
>The job of a postmaster is much more than just to keep the "mail system
>functioning". The postmaster is responsible for the delivery of mail and that
>involves much more than simply keeping the postal vans in good repair.
Continuing the post office analogy a bit, I don't think that all
bounced mail should default to the "Dead Letter office" you mention.
After all, if there is a return address on an envelope, doesn't the
post office just route it back to sender by stamping the address with
a red "Return to Sender" stamp without opening the envelope and
reading the first few lines?
>Most of the times, at least the first few lines of the body of the message is
>needed because it sometimes contains the first and or last name of the person.
I don't really think that is sufficient justification for having
message text in the *postmaster* copy of the bounce notice. After
all, the sender gets the bounce notice with full text. If they have
trouble determining the correct address, they should ask their
postmaster for help. We encourage this at Columbia, and get numerous
messages asking for help. Also, I disagree with the "most of the
times[sic]" qualification you make.
>Also, in the brave new world of mail gateways to X.400 and other mail systems
>and SMTP mail, it is impossible for a program to figure out where the header
>end and the body of the message starts.
That would be unfortunate.
>This is the function of the Dead Letter office. This is what an electronic
>postmaster does when forwarding misaddressed mail and therefore should be bound
>by the same confidentiality rules governing the contents.
Yes, of course electronic postmasters (and system admins, etc.) should
be bound by confidentiality rules. I just don't think that in the
majority of cases I see (3500+ users in /etc/passwd) the message body
would have been needed.
>My personal experience as an Electronic Postmaster for a Computer site with
>over 3000 academic users:
>
>Over the past two years, I must have forwarded several thousand misaddressed
>mail messages. I have not disclosed the contents of even a single
>misaddressed message to anyone (Except to my co-postmaster(s) when seeking
>advise on a particularly undecipherable address).
In how many of those cases did you actually need the contents of the
message? Weren't the headers sufficient?
>I have yet to get a single objection to my having forwarded a misaddressed mail
>message.
Actually, some people are concerned about having bounces go to
postmaster. I have had people express surprise (and initially
concern) when they heard about this. They do appreciate hearing that
we don't get the text.
>I believe that forwarding misaddressed mail is a fundamental responsibility of
>the postmaster. Preserving the confidentiality of mail is also a fundamental
>responsibility of the postmaster.
I think most of our users are capable of handling the bounce notice
and remailing it. Most of the time bounces are due to typos anyway.
Those that have more trouble end up asking for help.
--Fuat
Internet: fuat@columbia.edu U.S. MAIL: Columbia University
BITNET: fuat@cunixc Center for Computing Activities
UUCP: ...!rutgers!columbia!cunixf!fuat 712 Watson Labs, 612 W115th St.
Phone: (212) 854-5128 Fax: (212) 662-6442 New York, NY 10025
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Thu, 23 May 1991 17:41:28 GMT
Message-Id: <1991May23.174128.8795@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
Subject: Another Right: User Representation
Here is another right to add to the list.
The user community, both faculty and student, should have a
clearly defined means to participate in the formulation and
application of computer and networking policy.
(This is just an instantiation of the general right of representation
promoted in the Joint Statement on Rights and Freedoms of Students and
guaranteed by the student codes of many univerities).
Most university computer policies seem to have been set down without
serious user participation. Are there exceptions? Has anyone respected
academic freedom (and possibly their own student code) and given users
a voice?
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Date: Thu, 23 May 1991 16:02 EDT
From: Sanjay Kapur
Subject: Re: Something to chew on a bit...
Message-Id: <9FF9B6FCF6A1367F@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: "Fuat C. Baran"
>Yes, of course electronic postmasters (and system admins, etc.) should
>be bound by confidentiality rules. I just don't think that in the
>majority of cases I see (3500+ users in /etc/passwd) the message body
>would have been needed.
>
I agree, it may not be a majority but slightly over a third of the cases it is
essential to have the body of the message.
If I can figure out the address from the header, I do not read the text.
>
>In how many of those cases did you actually need the contents of the
>message? Weren't the headers sufficient?
No the headers were not enough. See my respose above.
>
>Actually, some people are concerned about having bounces go to
>postmaster. I have had people express surprise (and initially
>concern) when they heard about this. They do appreciate hearing that
>we don't get the text.
I have not heard of any objection (yet).
>I think most of our users are capable of handling the bounce notice
>and remailing it. Most of the time bounces are due to typos anyway.
>Those that have more trouble end up asking for help.
>
I guess Columbia University users are more sophisticated than the rest of
the world.
"most of our" users may be able to handle it but quite a large number have
difficulty.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 23 May 91 16:33:01 EDT
From: Joe Brennan
Subject: Re: Something to chew on a bit...
Message-Id:
>
> I agree, it may not be a majority but slightly over a third of the
> cases it is essential to have the body of the message.
Essential? I agree that not getting the body means the sender has to
re-send, and sometimes take the initiative to ask about an address,
but how essential is it to save them the trouble? Considering the
loss in privacy, I wouldn't say the convenience is worth it. It's
just no big deal to re-send.
I'm surprised it's as high as a third. I work with Fuat, so we're
looking at the same bounces, but yeah I doubt we could get much out of
the body anyway. So many are obvious typos, or else outside addresses
that we couldn't guess anyhow. The most useful thing, I find, is the
message the user is responding to, which is of course not the one that
bounces.
> I guess Columbia University users are more sophisticated than the rest of
> the world.
This, of course, is totally true. So we do agree on something.
Joe Brennan Asst Postmaster
-------------------
Date: Thu, 23 May 1991 16:36 EDT
From: Sanjay Kapur
Subject: Re: Another Right: User Representation
Message-Id:
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: kadie@eff.org
>
>Here is another right to add to the list.
>
> The user community, both faculty and student, should have a
> clearly defined means to participate in the formulation and
> application of computer and networking policy.
>
>(This is just an instantiation of the general right of representation
>promoted in the Joint Statement on Rights and Freedoms of Students and
>guaranteed by the student codes of many univerities).
>
>Most university computer policies seem to have been set down without
>serious user participation. Are there exceptions? Has anyone respected
>academic freedom (and possibly their own student code) and given users
>a voice?
>
>- Carl
>--
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
>
I totally agree.
Now let us get back to reality.
One of the problems with getting a policy approved by "the administration" is
that the administration wants some other (preferably prestigious) University
to have adopted it first and have successfully implemented it for some time.
So my questions are:
1) Does anyone have a list of Universities that have adopted a Computer
Academic Freedom policy?
2) Does anyone have a list of Universities that incorporate the ALA
statements and the AAUP and other statements including the "Joint
Statement on Rights and Freedoms of Students..." as part of their
officially announced official policy? If they have been adopted
what qualifications and restrictions were placed on them?
Unless they are adopted by at least one major University, no one will care
for any such statement(s). Although we can proclaim as many freedoms as we
want in various statements and restate them a countless number of times, they
will be dismissed as being only philosophical arguments unless they are put
into practice.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
From kadie Sat May 25 22:12:15 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Sat May 25 22:12:01 EDT 1991
In this issue:
: Re: Harrassment via email
: Boston University's policy
rickert@cs.niu.edu : Re: Harrassment via email
francis%zaphod@gar : Harrassment via email
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Sat, 25 May 1991 06:41:42 GMT
Message-Id: <1991May25.064142.6947@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: ,
Subject: Re: Harrassment via email
jc@raven.bu.edu (James Cameron) writes:
[...]
>[...here's the ethics policy...]
>
> Boston University Information Technology ethics
>
> Conditions of Use and Policy on Computing Ethics March 26, 1990
[...]
In the name of protecting privacy, the policy attacks privacy. It says
the University has the power to "without notice, ... inspect ... any data
[or] file"
It imposes speech restricts that would be ridiculed if applied to the
campus as a whole. It says the user may not "mak[e] accessible
offensive [or] annoying material"
It is incomplete, saying that that required behavior "is not
limited to [] the following: [...]"
It is circular. It prohibits users from misusing computer resources by
"misusing system resources".
It is ephemeral, saying that the University has the power "amend these
Conditions and Policies at any time without prior notice."
Imagine this policy generalized to the University as a whole:
* The University has the power to, without notice, inspect any assigned
office space or dorm room.
* Members of the University community may not distribute or make
accessible offensive or annoying material.
* Members of the University community may be punished for infractions
against rules that are not listed here.
* Members of the University community must not "misuse University
property", where "misusing University property" is defined as misusing
University properity.
* The University has the power "amend these Conditions and Policies at
any time without prior notice."
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Sat, 25 May 1991 06:44:18 GMT
Message-Id: <1991May25.064418.7028@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
Subject: Boston University's policy
________________________________________________________________________
CONDITIONS OF USE
To protect the integrity of the University's computing facilities and
the users thereof against unauthorized or improper use of those facili-
ties, Boston University reserves the right, without notice, to: limit or
restrict any individual's use, and to inspect, copy, remove or otherwise
alter any data, file, or system resource which may undermine the author-
ized use of any computing facility. Boston University also reserves the
right periodically to check any system and any other rights necessary to
protect its computing facilities. The University disclaims responsi-
bility for loss of data or interference with files resulting from its
efforts to maintain the privacy and security of those computing facili-
ties. As used herein and in the Policy on Computing Ethics below, the
term "computing facility" means, refers to and includes any and all
forms of computer-related equipment, tools and intellectual property,
including computer systems, personal computers and computer networks and
all forms of software, firmware, operating software and application
software, which is owned by the University or is under the University's
possession, custody or control.
Users of the University's computing facilities are required to comply
with and, by using any such facilities, agree to comply with and be sub-
ject to the Boston University Information Security Policy, the Policy on
Computing Ethics and these Conditions of Use. The University reserves
the right to amend these Conditions and Policies at any time without
prior notice.
POLICY ON COMPUTING ETHICS
Thousands of users share the computing facilities at Boston University.
These facilities must be used responsibly by everyone, since misuse by
even a few individuals has the potential to disrupt University business
or the work of others. You are therefore required to exercise responsi-
ble, ethical behavior when using the University's computing facilities.
This includes, but is not limited to, the following:
1. You must use only those computer resources which you have been indi-
vidually authorized to use by the University. The unauthorized use of
computer resources, as well as the providing of false or misleading
information for the purpose of obtaining access to computing facili-
ties, is prohibited and may be regarded as a criminal act and treated
accordingly by the University. You must not use University computing
facilities to gain unauthorized access to computing facilities of other
institutions, organizations or individuals.
2. You may not authorize anyone to use your computer accounts for any
reason. You are responsible for all use of your accounts. You must
take all reasonable precautions, including password maintenance and file
protection measures, to prevent use of your account by unauthorized per-
sons. You must not, for example, share your password with anyone else.
3. You must use your computer resources only for the purposes for
which they were authorized. For example, non-funded research or student
accounts may not be used for private consulting. Non-funded research or
student accounts may not be used for funded research without prior
approval from the University. You must not use your computer resources
for unlawful purposes, such as the installation of fraudulently or ille-
gally obtained software. Use of external networks connected to the Uni-
versity's networks must comply with the policies of acceptable use pro-
mulgated by the organizations responsible for those networks.
4. You must not access, alter, copy, move or remove information, pro-
prietary software or other files (including programs, members of subrou-
tine libraries, data and electronic mail) without prior authorization
from the appropriate University data trustee, security officer or other
responsible party. You must not copy, distribute, display or disclose
third party proprietary software without prior authorization from the
licensor. Proprietary software must not be installed on systems not
properly licensed for its use.
5. You must not use any computing facility irresponsibly or needlessly
affect the work of others. This includes transmitting or making acces-
sible offensive, annoying or harassing material; intentionally, reck-
lessly or negligently damaging any system; intentionally damaging or
violating the privacy of information not belonging to you; intentionally
misusing system resources or allowing misuse of system resources by oth-
ers; or loading software or data from untrustworthy sources, such as
free-ware, onto administrative systems.
6. You are encouraged to report any violation of these guidelines by
another individual and any information relating to a flaw in or bypass
of computing facility security to Information Technology, University
Information Systems or the Office of Internal Audit.
The unauthorized or improper use of Boston University's computer facili-
ties, including the failure to comply with the above guidelines, consti-
tutes a violation of University policy and will subject the violator to
disciplinary and/or legal action by the University, and, in some cases,
criminal prosecution. In addition, the University may require restitu-
tion for any use of service which is in violation of these guidelines.
Any questions about this policy or of the applicability of this policy
to a particular situation should be referred to Information Technology,
University Information Systems or the Office of Internal Audit.
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Newsgroups: info.academic-freedom
Path: rickert
From: rickert@cs.niu.edu (Neil Rickert)
Subject: Re: Harrassment via email
Message-Id: <1991May25.134605.961@mp.cs.niu.edu>
Organization: Northern Illinois University
References: <1991May25.064142.6947@eff.org>
Date: Sat, 25 May 1991 13:46:05 GMT
Lines: 49
In article <1991May25.064142.6947@eff.org> comp-academic-freedom-talk@eff.org writes:
>In the name of protecting privacy, the policy attacks privacy. It says
>the University has the power to "without notice, ... inspect ... any data
>[or] file"
>
Does it?
Or is it just giving reasonable notice that nothing on the computer can
be considered 100% private.
Let me give an example:
Suppose, as a computer administrator, I discover that every time you read
your mail your produce a core dump and a system warning message. Nobody
else using the same software has this problem.
I assure you I am going to look in your mailbox to find out what it is that
is causing this system problem. You might as well be warned in advance.
No, I am not going to disclose to anyone anything confidential I might
happen to see. But I am going to track down that software bug, and that
requires examining this data, privacy or no privacy.
Or, if it is not my responsibility to track down the bug, I may report the
problem to our software vendors. I assure you that they will look inside
your mailbox if they need to for resolving the problem.
You just cannot escape the fact that system maintenance sometimes requires
examination of private data. Technically speaking, every time system
backups are taken, your mailbox was read.
>Imagine this policy generalized to the University as a whole:
>
>* The University has the power to, without notice, inspect any assigned
>office space or dorm room.
It probably does have this power.
>* Members of the University community may be punished for infractions
>against rules that are not listed here.
Most likely this is true too, although rarely stated in this blunt a form.
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
-------------------
Date: Sat, 25 May 91 20:20:58 CDT
From: francis%zaphod@gargoyle.uchicago.edu
Message-Id: <9105260120.AA04007@math.uchicago.edu>
Subject: Harrassment via email
rickert@cs.niu.edu (Neil Rickert) writes:
> Suppose, as a computer administrator, I discover that every time you read
> your mail your produce a core dump and a system warning message. Nobody
> else using the same software has this problem.
> I assure you I am going to look in your mailbox to find out what it is that
> is causing this system problem. You might as well be warned in advance.
> No, I am not going to disclose to anyone anything confidential I might
> happen to see. But I am going to track down that software bug, and that
> requires examining this data, privacy or no privacy.
Perhaps *you* wouldn't disclose it; but there are certainly people who
would. Permitting them to look at my mailbox is wrong. And suppose
there were personal data in there that I specifically wanted to keep
private from you personally (as opposed to you the sysadmin)?
Most people have a hell of a time keeping their private selves
completely distinct from their professional selves.
> You just cannot escape the fact that system maintenance sometimes requires
>examination of private data. Technically speaking, every time system
>backups are taken, your mailbox was read.
But not by a human! Computers doing backup are fairly unlikely to
gossip about what they read. :-) (or otherwise abuse the knowledge)
System maintenance does *not* require violation of privacy except in
extreme cases; in those cases, the sysadmin should provide advance
notice to the user, and give him the opportunity to watch, to monitor
the violation.
>>Imagine this policy generalized to the University as a whole:
>>office space or dorm room.
> It probably does have this power.
I don't know about office space, but I do know that, in my University
apartment here and in the dorm room I had in undergrad, normal
tenant's protections applied. In particular, the Housing Contract
applying to my dorm room stated that the University could not enter my
room without advance notice (a fairly long advance period was
specified) unless there was an immediate threat to University property
or to personal safety.
>>* Members of the University community may be punished for infractions
>>against rules that are not listed here.
> Most likely this is true too, although rarely stated in this blunt a form.
Don't be silly. The University can't punish me for anything legal
which they don't warn me about in advance. The only power they have
over me is that granted contractually and explicitly when I enroll.
/============================================================================\
| Francis Stracke | My opinions are my own. I don't steal them.|
| Department of Mathematics |=============================================|
| University of Chicago | Welcome to the Real World. Enjoy the |
| francis@zaphod.uchicago.edu | show. |
\============================================================================/
