Re:

["Jeffrey I. Schiller" <jis () MIT EDU>]

I'm joining this conversation a little late (way too much mail in my
inbox...).

There are three scenarios here:

     1. Sending e-mail anonymously, no ability to respond to the message
        (one can do this with the various anonymous remailer servers on
        the Internet).
     2. Sending e-mail from an alias, which may be replied to, but where
        it isn't obvious who the "real" person is.
     3. Sending e-mail claiming to be someone else.

Case (3) should be against most reasonable AUPs (with the notable
exception that it is "OK" to technically send out a message in another
person's name when that person has delegated that authority. For example
when our university President sends e-email to everyone in our
community, I do the actual sending of the mail. Her office usually
drafts the message and she, of course, approves it).

There is nothing legally wrong with cases (1) and (2) either. I know, I
have looked into it. [Legal Disclaimer: I am not a lawyer.] And I would
be surprised that in an academic institution, where we tend to value
academic freedom and freedom of expression, we should have a problem
with these (last I check at least.... at MIT we strongly value freedom
of expression, even when it hurts).

A reasonable policy is to require people to not communicate fraudulently
with University Officials (i.e., claim to be someone else without their
permission). It is also reasonable to state that anonymous messages may
not be given any credence and messages from aliases may be ignored.
NOTE: In the U.S. you may have an obligation to investigate several
situations, including Child Pornography and Harassment even if they are
brought to your attention in an anonymous fashion.

I believe the situation you are really trying to deal with is where an
employee uses and alias to send mail to a supervisor (or other person in
the management chain) to complain about management policies they do not
agree with. Fearing retaliation, they choose to attempt to remain
anonymous. Now these situations may be annoying, but they are probably
not worth the chilling effects on free speech that could accrue from
attempting to control them via a network AUP. In my opinion they are
best dealt with on a case by case basis.

                        -Jeff

On Tue, 2005-06-14 at 16:45, Theresa Semmens wrote:
> We're looking at the possibility of providing in a policy that it would be
> an acceptable use violation to misrepresent who one is when communicating
> with a university official; particularly as it applies to employees.
>
> This is to get at the situation where someone uses an alias to communicate
> on a work related matter to someone else.
>
> I'm wondering if any of you have such a restriction in place, or could point
> me to a policy with such a restriction. Any advice or suggestions would be
> helpful. 
>
> Best regards,
>
> Theresa Semmens, CISA
> IT Security Officer
> North Dakota State University
> IACC 210C
> Ph: 701-231-5870
> E-mail: theresa.semmens () ndsu edu
>  
> "If you believe you cannot do something, it makes you incapable of doing it.
> But when you believe you can, you acquire the ability to do it, even if you
> did not have the ability in the beginning."       Mahatma Gandhi
-- 
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
============================================================================

Attachment: signature.asc
Description: This is a digitally signed message part