Educause Security Discussion mailing list archives
Re: Marketscore and Higher Ed
From: Jere Retzer <retzerj () OHSU EDU>
Date: Wed, 22 Dec 2004 14:27:04 -0800
Going even further, suppose your example is a physician connecting to a hospital to check patient records. The physician probably just violated his business associate agreement with the hospital that he signed in order to comply with HIPAA.
jhmfa () RIT EDU 12/22/2004 2:16:27 PM >>>
I don't get to have nearly as much fun with technology that I used to. So let me ask a simple technical Marketscore question. Suppose I am a student. I have a laptop registered with the university. There are some folks in my dorm that use a lot of bandwidth for games servers, anime servers, and basically, I would like a faster connection. EULAs are boring, so I bit, I have Marketscore and I am still waiting for faster network service. I am on campus, and I want to check something in the Student Information System (also on campus) for a meeting with my academic advisor, later today. So I access my academic records, which are safe and secure and the university is on the hook for that, because of FERPA. ** Do my educational records go through Marketscore? Does their proxy distinguish between LAN and Internet connections? ** If the data does go through them, what are the responsibilities under FERPA (or any other law that requires control of access) and with whom does the responsibility rest? It seems to me that Marketscore should be illegal by university policy, in order to fulfill our responsibility to govern access. Or does the EULA basically have the data owner wave their rights? But then if I am a faculty member accessing students educational records from a Marketscore "equipped" laptop in order to advise, the faculty member is not the owner, and they have no ability to wave those rights on behalf of the student. It seems like Marketscore shouldn't be surprised that Universities are up in arms, if they do not distinguish between internet, and intranet. That "if" is the key. If they don't distinguish, I am surprised that more medical schools do not protest. From some knowledge of business, it seems like road warrior sales people also have administrative rights, and are never satisfied with the connections from the hotel, and might be tempted to marketscore. If that is true, I would expect corporations to be up in arms as well, as confidential pricing, strategy, new product information, or customer information is routed through Marketscore servers. I feel like I am missing a few pieces. Jim - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Office: 585-475-5406 Lab: 585-475-4122 Fax: 585-475-7950 "Distrust and caution are the parents of security." -- Benjamin Franklin "We will bankrupt ourselves in the vain search for absolute security." -- Dwight D. Eisenhower ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Marketscore and Higher Ed Steve Brukbacher (Dec 22)
- <Possible follow-ups>
- Re: Marketscore and Higher Ed Joel Rosenblatt (Dec 22)
- Re: Marketscore and Higher Ed Mike Iglesias (Dec 22)
- Re: Marketscore and Higher Ed James H Moore (Dec 22)
- Re: Marketscore and Higher Ed Jere Retzer (Dec 22)
- Re: Marketscore and Higher Ed Jeff Kell (Dec 23)
- Re: Marketscore and Higher Ed Gary Dobbins (Dec 23)
- Re: Marketscore and Higher Ed Joel Rosenblatt (Dec 23)
- Re: Marketscore and Higher Ed Joe St Sauver (Dec 23)
- Re: Marketscore and Higher Ed Mark Poepping (Dec 23)
- Re: Marketscore and Higher Ed David L. Wasley (Dec 23)