Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 19 submissions in the queue.

Professors Outraged by UC Berkeley Internet Spying Device

posted by cmn32480 on Sunday February 07 2016, @01:04AM   Printer-friendly
from the it's-their-computer-network dept.

takyon writes:

The Register reports on an uproar following the discovery of an Internet traffic spying device on campus at the University of California Berkeley:

Academics at the University of California Berkeley have protested after it emerged that management had put a secret data slurping device into the campus that was mapping and storing all network traffic. "The intrusive device is capable of capturing and analyzing all network traffic to and from the Berkeley campus and has enough local storage to save over 30 days of all this data," Ethan Ligon, a member of the Senate-Administration Joint Committee on Campus Information Technology, wrote in an e-mail to fellow faculty members, the SF Chronicle reports.

Benjamin Hermalin, chairman of the UC Berkeley Academic Senate, also expressed serious concerns about the monitoring, and about the storage of the data off-campus. As a third party company is running the device, rather than the university's IT staff, there were also privacy issues to consider.

The device was installed after UCLA Health was hacked in June. Who ordered the installation of the device? No other than Former Governor of Arizona and United States Secretary of Homeland Security Janet Napolitano, who is now the President of the University of California.

A statement from the chair of the University Committee on Academic Computing and Communications has this to say about the monitoring:

We have been informed that the monitoring of communications looked only for "malware signatures" and Internet traffic patterns. As neither message content nor browsing activity were monitored, we believe this level of monitoring can be appropriate.

We have been informed that monitoring of transmissions occurs only at campus edge, and does not capture internal campus traffic. Monitoring of traffic patterns for a pre-defined purpose can be appropriate given that results are maintained for a limited time and limited use.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Professors Outraged by UC Berkeley Internet Spying Device | Log In/Create an Account | Top | 26 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by NotSanguine on Sunday February 07 2016, @06:05AM

    by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Sunday February 07 2016, @06:05AM (#300083) Homepage Journal

    My apologies. I screwed up the link to the letter in TFS in my reply.

    Here it is again [universityofcalifornia.edu]. I wouldn't want you to have to scroll all the way back up to the top to find it.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1, Informative) by Anonymous Coward on Sunday February 07 2016, @03:37PM

    by Anonymous Coward on Sunday February 07 2016, @03:37PM (#300207)

    Well, I've read that letter twice and I don't see anything that addresses the claims that IT staff were forbidden from discussing the system. The closest is their accusation that, "the degree to which these actions were kept secret, constituted a serious failure of shared governance."

    What I do see is a lot of weasel wording about what's not monitored that leaves giant loopholes for meta-data collection. Also that the people writing the letter have no way to independently verify any of the claims.

    • (Score: 1, Flamebait) by NotSanguine on Sunday February 07 2016, @03:54PM

      by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Sunday February 07 2016, @03:54PM (#300212) Homepage Journal

      Also that the people writing the letter have no way to independently verify any of the claims.

      I guess reading comprehension isn't your strong suit. From the letter [universityofcalifornia.edu]:

      The committee met with Tom Andriola, UC’s Chief Information Officer, David Rusting,
      UC’s Chief Information Security Officer, and Roslyn Martorano, UC’s Systemwide
      Privacy Manager. They described in some detail the UCLA incident and the actions
      taken in its aftermath, and they responded to the committee’s questions. They have
      published a web site (security.ucop.edu) with cyber-security information. They have also
      indicated their availability to describe and demonstrate to interested faculty the security
      measures at issue.       [Emphasis Added]

      Let's go through that sentence, okay. They (meaning the IT organization) have also indicated their availability (that is, get in touch with those self-same IT folks and we'll get together) to describe (explain what we're doing and why) and demonstrate (show you what it is we're doing) to interested faculty (those that want to know) the security measures (well, we're not going to post it on the Internet and let every cracker or SN Anonymous Coward see what our security infrastructure looks like. That would be pretty dumb, wouldn't it?) at issue.

      Do you get it now, or should we go through it again with smaller words?

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr

      • (Score: 0) by Anonymous Coward on Monday February 08 2016, @10:14PM

        by Anonymous Coward on Monday February 08 2016, @10:14PM (#300962)

        "Achieving a greater degree of certainty would require an independent audit, which we are not prepared to undertake and which would still be subject to question."

        M'kay?

        • (Score: 2) by NotSanguine on Monday February 08 2016, @11:50PM

          by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Monday February 08 2016, @11:50PM (#301045) Homepage Journal

          No. Not "m'kay."

          If you're so sure there's a problem, why don't you file suit [ca.gov].

          Here are some tips on finding the right lawyer [ca.gov].

          You could run your own audit. Here's some info [berkeley.edu] to get you started.

          Or hire someone [cybersecurityventures.com] to do the audit for you.

          What? Not willing to spend your own time and money to get to the bottom of this evil conspiracy designed to steal your liberty and privacy? I guess it isn't really that important to you. Perhaps you just want to complain anonymously about 'all teh evil' on the intertubes.

          You go, girlfriend!

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr