Re: Google Maps offering to "map our locations"....concerns??

[Nathan Zierfuss <nathan.zierfuss () ALASKA EDU>]

I share Brian's belief that floor plans are not a significant risk and if
they are they are well know or easily discoverable already. I also fail to
understand from this thread what we would be protecting and why it is
important. If we are talking about mapping publicly accessible areas and
wireless access points visible to the public haven't we already granted the
ability to know and access that information?

I find the thought of removing maps of public places or putting them behind
access controls contrary to the openness of the university environment. It
can be hard to facilitate exchange of knowledge if you are perceived as
closed off or complicated to navigate.

Nathan

On Tue, Apr 17, 2012 at 8:38 AM, Basgen, Brian <bbasgen () pima edu> wrote:

> ** **
>
> We have similarly been approached by Google, and there has been some
> internal discussion about the pros and cons.****
>
> ** **
>
> I find it difficult to sustain the notion that a floor plan presents a
> significant risk to the institution. Just two points, first from the
> venerable Claude Shannon: “The enemy knows the system.” Second, if a floor
> plan presents a significant risk, how can that risk be mitigated by the
> tens of thousands of students that walk the floor plan daily? ****
>
> ** **
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~****
>
> Brian Basgen****
>
> Director of User Support Services (Acting)****
>
> & Information Security Officer****
>
> ** **
>
> Pima Community College****
>
> Office: 520-206-4873****
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Jeff Moore
> *Sent:* Tuesday, April 17, 2012 8:31 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Google Maps offering to "map our
> locations"....concerns??****
>
> ** **
>
> Perhaps we are ultra paranoid with the bomb threats we have had recently
>
> http://www.katu.com/news/local/Bomb-threat-shuts-down-Chemeketa-Community-College-139217864.html?tab=gallery&c=y&img=1
> but we are trying to be very protective of our internal structural
> information. We even went to the extreme of removing particular maps of our
> campus due to the fact that they had shown the internal dimensions of the
> buildings. As with anything this information can be used against us and our
> concerns are that someone could use this information strategically in a
> very negative way. We are looking at it with the view that the internal
> layout of the buildings is not a necessity for students and when we do
> provide them we will provide partial views that will cover the place of
> interest.
> Perhaps its a bit extreme but we have swayed toward the conservative side.
>
> Thanks all hope this helps!
>
> Jeff (Tinfoil Hat) Moore
>
> CCC****
>
> On Tue, Apr 17, 2012 at 4:55 AM, Tracy Mitrano <tbm3 () cornell edu> wrote:**
> **
>
> In light of this thread, I asked on the NACUA list if Google approached
> any attorneys.
>
> So far only one responded.   It was, for the record, a private institution.
>
> Tracy
>
> On a mobile device, please excuse typos.****
>
>
> On Apr 17, 2012, at 6:50 AM, "Berman, Mark" <mberman () SIENA EDU> wrote:
>
> > Michael,
> >
> > I realize that for those of whose job includes security there is a
> responsibility to be a little paranoid, but this seems pretty harmless.
> Wearing another my hats of being responsible for the wireless network this
> seems very cool. They are offering to map the strength of our WiFi signal
> in the public areas of our campus. We don't intentionally provide wireless
> signal outdoors: here in the northeast there are only 2 weeks a year that
> the weather is conducive to sitting outside and working, otherwise it's too
> cold or it's raining or it's too sunny to see the screen! However a
> wireless heat map of the campus would be useful to students and useful to
> us to see if there are areas that we should pump up a bit. Most campuses
> have centrally controlled WiFi networks and I can't see any particular
> security risk to Google advertising the (after all) publicly viewable
> aspects of our networks.
> > Am I missing something?
> >
> > - Mark
> >
> > From: "SCHALIP, MICHAEL" <mschalip () CNM EDU<mailto:mschalip () CNM EDU>>
> > Date: Mon, 16 Apr 2012 00:16:19 -0400
> > Subject: Google Maps offering to "map our locations"....concerns??
> >
> >
> > Hi Folks....
> >
> > Has anyone else been approached by Google Maps to allow them to "map
> your campus" in detail - presumably, for student navigation purposes??
>  Here's the "agreement" that they want us to sign off on.  I have some
> basic concerns, but - then again - my concerns may be completely unfounded.
>  So - I thought I'd offer this up to this group to see what your collective
> wisdom would respond with....(note the italicized entry)....
> > Let me know what you all think....
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Michael
> >
> > Agreement
> > We (the “Property Owner”, “Property Manager”, or “Property Operator”)
> hereby permit Google Inc. (through its employees, affiliates or agents) to
> enter the publicly accessible areas of the properties described above, at a
> time and in the manner directed by our designated contact person listed in
> the Signatory Information area below, to collect Location Information.
> > For the purposes of this agreement, “Location Information” means Wi-Fi
> access point MAC addresses (also known as BSSIDs); Wi-Fi access point
> properties (including signal strength); mobile handset-generated compass,
> gyroscope and accelerometer measurements; and other related information.
> > Google will abide by the property access rules specified by our
> designated contact person.
> > Google must have suitable insurance coverage or self-insure for all of
> Google’s activities on the propert(ies).  Google will be responsible for
> all costs of its data collection, and will be the exclusive owner of all
> right, title and interest in all data collected on the proper(ties).
> > This letter does not give Google any intellectual property rights to our
> trademarks or logos.  Neither party will use the other’s name, trademark or
> logo in any public statement without the other’s permission.
> > We affirm that we are either the Property Owner, the Property Manager,
> or the Property Operator, and that we have full power and authority to
> grant you the permission above.
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner<http://www.mailscanner.info/>, and is
> > believed to be clean.****
>
>
>
>
> --
> Jeff Moore****
>
> Desk (503) 877-4707 <https://www.google.com/voice?pli=1#phones>****
>
> Cell (503) 9 <https://www.google.com/voice?pli=1#phones>10-0756****
>
> Mail () JeffMoore com****
>
> ** **



-- 
Nathan Zierfuss, CISSP
Chief Information Security Officer
-
Technology Oversight Services, University of Alaska
910 Yukon Dr. Suite 105, PO Box 755320
Fairbanks, Alaska 99775-5320
-
Phone: 907-450-8112  Fax: 907-450-8381