The Register reports on an uproar following the discovery of an Internet traffic spying device on campus at the University of California Berkeley:
Academics at the University of California Berkeley have protested after it emerged that management had put a secret data slurping device into the campus that was mapping and storing all network traffic. "The intrusive device is capable of capturing and analyzing all network traffic to and from the Berkeley campus and has enough local storage to save over 30 days of all this data," Ethan Ligon, a member of the Senate-Administration Joint Committee on Campus Information Technology, wrote in an e-mail to fellow faculty members, the SF Chronicle reports.
Benjamin Hermalin, chairman of the UC Berkeley Academic Senate, also expressed serious concerns about the monitoring, and about the storage of the data off-campus. As a third party company is running the device, rather than the university's IT staff, there were also privacy issues to consider.
The device was installed after UCLA Health was hacked in June. Who ordered the installation of the device? No other than Former Governor of Arizona and United States Secretary of Homeland Security Janet Napolitano, who is now the President of the University of California.
A statement from the chair of the University Committee on Academic Computing and Communications has this to say about the monitoring:
We have been informed that the monitoring of communications looked only for "malware signatures" and Internet traffic patterns. As neither message content nor browsing activity were monitored, we believe this level of monitoring can be appropriate.
We have been informed that monitoring of transmissions occurs only at campus edge, and does not capture internal campus traffic. Monitoring of traffic patterns for a pre-defined purpose can be appropriate given that results are maintained for a limited time and limited use.
(Score: 2) by NotSanguine on Sunday February 07 2016, @06:05AM
My apologies. I screwed up the link to the letter in TFS in my reply.
Here it is again [universityofcalifornia.edu]. I wouldn't want you to have to scroll all the way back up to the top to find it.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 1, Informative) by Anonymous Coward on Sunday February 07 2016, @03:37PM
Well, I've read that letter twice and I don't see anything that addresses the claims that IT staff were forbidden from discussing the system. The closest is their accusation that, "the degree to which these actions were kept secret, constituted a serious failure of shared governance."
What I do see is a lot of weasel wording about what's not monitored that leaves giant loopholes for meta-data collection. Also that the people writing the letter have no way to independently verify any of the claims.
(Score: 1, Flamebait) by NotSanguine on Sunday February 07 2016, @03:54PM
Also that the people writing the letter have no way to independently verify any of the claims.
I guess reading comprehension isn't your strong suit. From the letter [universityofcalifornia.edu]:
Let's go through that sentence, okay. They (meaning the IT organization) have also indicated their availability (that is, get in touch with those self-same IT folks and we'll get together) to describe (explain what we're doing and why) and demonstrate (show you what it is we're doing) to interested faculty (those that want to know) the security measures (well, we're not going to post it on the Internet and let every cracker or SN Anonymous Coward see what our security infrastructure looks like. That would be pretty dumb, wouldn't it?) at issue.
Do you get it now, or should we go through it again with smaller words?
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Monday February 08 2016, @10:14PM
"Achieving a greater degree of certainty would require an independent audit, which we are not prepared to undertake and which would still be subject to question."
M'kay?
(Score: 2) by NotSanguine on Monday February 08 2016, @11:50PM
No. Not "m'kay."
If you're so sure there's a problem, why don't you file suit [ca.gov].
Here are some tips on finding the right lawyer [ca.gov].
You could run your own audit. Here's some info [berkeley.edu] to get you started.
Or hire someone [cybersecurityventures.com] to do the audit for you.
What? Not willing to spend your own time and money to get to the bottom of this evil conspiracy designed to steal your liberty and privacy? I guess it isn't really that important to you. Perhaps you just want to complain anonymously about 'all teh evil' on the intertubes.
You go, girlfriend!
No, no, you're not thinking; you're just being logical. --Niels Bohr