💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › CUD › cud0861.txt captured on 2022-06-12 at 11:02:46.
-=-=-=-=-=-=-
Computer underground Digest Wed Aug 21, 1996 Volume 8 : Issue 61
ISSN 1004-042X
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
CONTENTS, #8.61 (Wed, Aug 21, 1996)
File 1--Seeking opinions of Mankato State University email policy
File 2--Commends requested on Mankato "email" policy
File 3--DOJ homepage hacked!!!
File 4--Re: USDOJ Hacked
File 5--Microsoft Acknowledges Flaw in Internet Browser
File 6--Re: Cu Digest, #8.60--Sun, 18 Aug 96
File 7--Cu Digest Header Info (unchanged since 7 Apr, 1996)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
---------------------------------------------------------------------
Date: Mon, 19 Aug 1996 10:30:32 -0500 (CDT)
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: File 1--Seeking opinions of Mankato State University email policy
-----BEGIN PGP SIGNED MESSAGE-----
At the beginning of the year, Mankato State University adopted the
following "email policy". Being a member of the student senate, I
expressed my concerns to the student government about the policy
(particularily the prohibitions on "political" speech), but it wasn't
politically feasible to challenge the policy as the student government had
approved it prior to my election (ie, I don't really thing they knew what
it was they were signing/signing-away). When I did bring it up to the
administration of the university, it was basicly reduced to "well, the
Senate said it was ok, so stick it" (well, that's somewhat paraphrased
:-).
Anyways, I'd like some opinions about this, as, in light of the Princeton
case (and the ACLU's response), I think I would like to attack this
policy. I would just like a little better feeling about where this policy
stands than the general "yucky" feeling I get.
Thanks for your time.
Robert Hayden
- -----------------------------
Mankato State University
MANKATO STATE UNIVERSITY
ELECTRONIC MAIL TRANSMISSION REGULATION
Article I. Objective
To ensure that electronic mail transmissions between and among MSU
authorized "E-mail" users are consistent with state statutes limiting
the use of state services and equipment to state business purposes
only. This effort is consistent with existing practices governing
other forms of communication on campus including telephone calls,
bulletin board postings, the mass distribution of promotional flyers,
and the use of intra-campus mail services.
Minnesota Statutes Chapter 43A.38, Subd. 4 - Use of State Property
An employee shall not use or allow the use of state time, supplies
or state owned or leased property and equipment for the employee's
private interests or any other use not in the interest of the state,
except as provided by law.
Minnesota Statutes Chapter 43A.39, Subd. 2 - Noncompliance
Any employee who intentionally fails to comply with the provisions
of Chapter 43A shall be subject to disciplinary action and action
pursuant to Chapter 609. An appointing authority shall report in
writing to the legislative auditor when there is probable cause to
believe that a substantial violation has occurred. Any person
convicted of a crime based on violations of this chapter shall be
ineligible for appointment in the civil service for three years
following conviction.
Minnesota Statues Chapter 609.87 thru 609.8911 - Computer Crime
[Statute deals with definitions; destructive computer programs;
intentional damage to computers, computer systems, computer
networks, computer software, etc.; theft of services and equipment;
unauthorized computer access; gross misdemeanor and misdemeanor
criminal penalties; and reporting violations.]
University Facilities and Services - Restricted Use
Faculty and staff are to use University facilities and services for
University business only. [Mankato State's Employee Handbook -
General Policies Section]
Professional and Ethical Standards
University equipment shall not be used by employees for personal use
without notice to and the written consent of his/her employer . . .
. [State University System Regulations Article 2.4] Similar language
is contained in Articles 4 and 27 of the IFO Labor Agreement and
Article 20 Section C of the MSUAASF Agreement.
Students, who are not already on-campus part-time employees covered by
the above statute citations, shall adhere to all E-mail policies and
regulations contained herein. It is the intent of this E-mail
regulation to cover all E-mail users within the campus community.
Article II. Regulation
The electronic mailing privilege is provided to members of the
University community to enhance their ability to quickly and
conveniently send and receive written communications and documents for
the purpose of conducting University business. Use of the privileges
for personal gain and for non-University related business is
prohibited. (The University continues to invest significant amounts of
its budget in the maintenance and improvement of electronic
transmission capability, in addition to the enormous past outlays
which have been made for computer hardware, software, and cabling.)
SECTION 1. FOR PROFIT USE PROHIBITED : NONPROFIT USE REQUIRE PRIOR APPROVAL
For profit organizations are strictly prohibited from the use of
University electronic mail services. (University contract vendors like
Wallace's University Bookstore and the ARAMARK food service shall be
provided access to the University electronic mail system only upon
agreement to pay MSU for these state provided services.) Non-profit
organizations may be allowed access only if the transmission has been
approved in advance by the University Operations Vice President (or
designee). Authorization for such access by a non-profit organization
will hinge on how closely it relates to the "state business use"
standard and the organization's traditional or direct tie to the
University (e.g., Mankato State University Foundation, United Way,
etc.).
SECTION 2. ACADEMIC FREEDOM PRINCIPLES APPLY
Commonly understood principles of academic freedom shall be applied to
the administration of information transmitted by E-mail.
SECTION 3. EXTERNAL TRANSMISSIONS TO MSU E-MAIL USERS
The ability of the University to monitor and regulate incoming
Internet transmissions is almost impossible. If unsolicited or
unwanted Internet transmissions are received, E-mail users may contact
their mail system manager so that an effort can be made to ensure that
such transmissions do not reoccur from the same source.
SECTION 4. POLITICAL USE OF E-MAIL PROHIBITED
Political transmissions are prohibited. This would include
transmissions which advocate the election of particular candidates for
public office at either the federal, state, or local level. Also
banned are those messages that advocate support of or opposition to
any particular referendum proposal that will be decided by the voters
during a general or special election affecting the public at large.
SECTION 5. COLLECTIVE BARGAINING UNITS, RECOGNIZED STUDENT GROUPS - E-MAIL
TRANSMISSIONS ALLOWED
This regulation is not to be interpreted as prohibiting transmissions
protected by existing employee collective bargaining agreement
provisions dealing with mailing privileges nor shall it be used to
deny access to recognized student organizations and related student
service departments who wish to announce upcoming events that may be
of interest to members of the University community.
SECTION 6. GENERAL STANDARDS AND GUIDELINES
1. Personal uses of E-mail which are prohibited include, but are not
limited to: chain letters; recipes; "garage sale" announcements;
solicitation or requests for contributions (e.g.needy family,
special relief efforts, etc.); commercial advertisements; and
advertisements for events or items for sale or rent that result in
personal gain or revenue for non-University departments and
programs or unapproved organizations as prohibited by provisions
in Article II, Section 1 of this policy.
2. E-mail users are asked to take care in directing their messages to
large audiences and to avoid sending repeats of the same messages
as "reminders." Concerns also exist that many messages sent to all
MSU mail users could be better targeted to smaller groups of
users.
3. E-mail transmissions shall not be used in any way which violate
Higher Education Board or University policies regarding
harassment. The University is not responsible for transmissions
which are libelous or defamatory.
4. A user's password is the key to the E-mail network and as such
users are advised that they are responsible for the security of
their respective password. There are major risks when a user's
password is known to others. Transmission made using that password
are assumed to be initiated by the password's user, though
managers of E-mail systems who investigate complaints shall not
automatically assume that the author of an offending transmission
is the password's user.
5. It is not the intent of this regulation to interfere with private
communications between individuals.
6. E-mail managers and network system administrators are expected to
treat the contents of electronic files as private and
confidential. Any inspection of electronic files, and any action
based upon such inspection, shall be governed by applicable
federal and state laws and by University policies.
Article III. Sanctions for Violations
Complaints by any user receiving electronic transmissions through Data
General, Microsoft Mail, and existing VAX services may be submitted to
any manager of a major E-mail system or directly to the University
Operations Vice President's Office. An E-mail manager will investigate
the complaint and make a determination on its validity. If a violation
did occur the E-mail manager shall inform the employee's immediate
supervisor and make a recommendation to implement one of the following
sanctions. Severity of the sanction is dependent on the nature of the
violation and history, if any, of past violations. The employee's
supervisor has five work days in which to approve, and or modify, the
E-mail system manager's recommendation. If no action occurs the E-mail
manager's recommendation is forwarded to the University Operations
Vice President for disposition.
SANCTIONS - DEPENDENT ON SEVERITY OF VIOLATION AND/OR HISTORY OF PAST
VIOLATIONS
* Verbal warning.
* Discipline pursuant to appropriate collective bargaining or other
employment regulations; discipline pursuant to appropriate student
conduct codes.
* Warning letter to the violator formally notifying of additional
sanctions if violations continue.
* Suspension of electronic mail privileges for five work days. The
user would continue to receive electronic mail but would not be
able to read it until after the suspension of privileges is lifted
and a new electronic mail password is issued by the appropriate
E-mail manager.
* Penalty consistent with federal or state law and/or employee
collective bargaining agreements. (Could involve referral of
matter to criminal authorities..)
APPEALS
Applicable appeal procedures may be implemented consistent with
employee bargaining unit contracts or student conduct codes.
Article IV. Electronic Mail Oversight Team
The "Electronic Mail Oversight Team" shall review e-mail practices,
procedures and policies and may make recommendations for improvement
to the Vice President for University Operations. The ten member
oversight team include the managers of these major e-mail systems:
* University Operations server (Microsoft Mail)
* P.E.T. server (Microsoft Mail)
* Student Develop. Prgms. & Activities server (Microsoft Mail)
* MSUS/PALS servers (Microsoft Mail)
* College of Science, Eng. & Tech. server (Microsoft Mail)
* Krypton server (Academic DEC with Unix Operating System)
* AS/400 server (Academic IBM System)
* MSMail 4,5,6,7,8, Computer Svcs., ACTS, Admin., MSU Academic, &
Memorial Library servers (Microsoft Mail)
* VAX1 server (MSU Academic VAX)
* Data General server
The team shall be convened at least twice annually and chaired by a
member elected by and from among the panel members.
Article V. Confidentiality and/or Privacy
Users are advised that the privacy of data stored or sent on the
system cannot be guaranteed; furthermore, there are a number of
circumstances in which data stored on the system will be accessed by
authorized individuals. Those circumstances include, but are not
limited, to the following:
* Performing administrative tasks, such as: identifying and pursuing
breaches of security mechanisms; maintaining the integrity or
operational state of the E-mail and related computer systems;
collecting aggregate data; etc. The individual authorizing any
search of a user's data must have reasonable grounds for
suspecting that the search will reveal evidence that the user has
violated a specific University, Higher Education Board policy,
state or federal law, or has committed work related misconduct.
The search of a user's data must be reasonably related in scope to
the suspicion which generated this search.
* Monitoring use of the E-mail and related computer systems to
determine whether the polices of the University, Higher Education
Board, and/or state or federal law have been broken.
* Monitoring use of the E-mail and related computer systems when it
is necessary so that the University can provide its services or
protect the rights or property of the University.
Meet and Confers Held
Date Proposal Submitted/Reviewed
IFO Faculty Association September 14, 1995 and October 12, 1995
MSUAASF Meet and Confer September 18, 1995 and October 16, 1995
Classified Employee Meet and Confer September 28, 1995
Student Association Meet and Confer October 12, 1995
Approved
_____________________________________________ ___________________
Mankato State University President Date
Document signed by Richard R. Rush on 1/30/1996
------------------------------
Date: Tue, 20 Aug 1996 09:18:16 -0700 (PDT)
From: "Carl M. Kadie" <kadie@eff.org>
Subject: File 2--Commends requested on Mankato "email" policy
I've never seen such a contradictory academic policy.
It says that "private" use is allowed, but that "personal" use is banned.
It says that academic freedom principles prevail, but that political
use is banned.
It says that searches must be based on "reasonable grounds for
suspecting that the search will reveal evidence that the user has
violated a specific [policy]", but also allows general suspensionless
"monitoring use of the E-mail [...] to determin whether the [polices]
have been broken.
[There must be a very interesting story about the creation of
a policy that contracts itself in alternating paragraphs.]
In any case, I believe the policy as it stands is illegal because:
It is unconstitutionally vague (and contradictory). There is no
way that a reasonable person could know if he or she was
violating the policy.
It applies employment rules to students. Students are not employees.
(As the U. of Wisconsin and U. of Michican found out in federal
court).
It bans protected political speech. As the ACLU letter to Princeton
pointed out, political speech not on behalf of the university
can not be singled out censorship.
It seems to authorize illegal searches.
Why all this trouble? I'm sure the University already has general
rules for speech via University resoures, media, forums. Don't
make email a second-class citizen, treat the same as traditional
forums.
- Carl
ANNOTATED REFERENCES
(All these documents are available on-line. Access information follows.)
=================<a href="ftp://ftp.eff.org/pub/CAF/law/political-speech">
law/political-speech
=================</a>