Educause Security Discussion mailing list archives
Re:
From: "Jeffrey I. Schiller" <jis () MIT EDU>
Date: Sat, 25 Jun 2005 18:48:19 -0400
I'm joining this conversation a little late (way too much mail in my inbox...).

There are three scenarios here:

1. Sending e-mail anonymously, no ability to respond to the message (one can do this with the various anonymous remailer servers on the Internet).
2. Sending e-mail from an alias, which may be replied to, but where it isn't obvious who the "real" person is.
3. Sending e-mail claiming to be someone else.

Case (3) should be against most reasonable AUPs (with the notable exception that it is "OK" to technically send out a message in another person's name when that person has delegated that authority. For example when our university President sends e-mail to everyone in our community, I do the actual sending of the mail. Her office usually drafts the message and she, of course, approves it).

There is nothing legally wrong with cases (1) and (2) either. I know, I have looked into it. [Legal Disclaimer: I am not a lawyer.] And I would be surprised that in an academic institution, where we tend to value academic freedom and freedom of expression, we should have a problem with these (last I checked at least.... at MIT we strongly value freedom of expression, even when it hurts).

A reasonable policy is to require people to not communicate fraudulently with University Officials (i.e., claim to be someone else without their permission). It is also reasonable to state that anonymous messages may not be given any credence and messages from aliases may be ignored.

NOTE: In the U.S. you may have an obligation to investigate several situations, including Child Pornography and Harassment even if they are brought to your attention in an anonymous fashion.

I believe the situation you are really trying to deal with is where an employee uses an alias to send mail to a supervisor (or other person in the management chain) to complain about management policies they do not agree with. Fearing retaliation, they choose to attempt to remain anonymous.

Now these situations may be annoying, but they are probably not worth the chilling effects on free speech that could accrue from attempting to control them via a network AUP. In my opinion they are best dealt with on a case by case basis.

-Jeff

On Tue, 2005-06-14 at 16:45, Theresa Semmens wrote:
We're looking at the possibility of providing in a policy that it would be an acceptable use violation to misrepresent who one is when communicating with a university official; particularly as it applies to employees. This is to get at the situation where someone uses an alias to communicate on a work related matter to someone else.

I'm wondering if any of you have such a restriction in place, or could point me to a policy with such a restriction. Any advice or suggestions would be helpful.

Best regards,

Theresa Semmens, CISA
IT Security Officer
North Dakota State University
IACC 210C
Ph: 701-231-5870
E-mail: theresa.semmens () ndsu edu

"If you believe you cannot do something, it makes you incapable of doing it. But when you believe you can, you acquire the ability to do it, even if you did not have the ability in the beginning."
Mahatma Gandhi
--
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
============================================================================
Attachment:
signature.asc
Description: This is a digitally signed message part