Educause Security Discussion mailing list archives
Re: SECURITY Digest - 12 Jun 2015 to 13 Jun 2015 (#2015-110)
From: "Conlee, Keith" <conlee () COD EDU>
Date: Thu, 23 Jul 2015 21:32:35 +0000
RE: Legal compliance for Children (<13) on your network. If someone has not said yet. You just have to follow FTC COPPA - Children's Online Privacy Protection Act. It is pretty straight forward and easy. At the center of compliance is a waiver the parents or legal guardian must sign noting that bad things are on the internet and they are allowing their child to have access. If the waiver is not signed, then the child is not enrolled or cannot participate. I.e., every parent signs if they want their child to participate in the camp. Keith Conlee, JD, PCIP, CISSP, CISA, CBCP Chief Security Officer, IT College of DuPage 425 Fawell Blvd. Glen Ellyn, IL 60137-6599 Ph. - 630.942.3055 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SECURITY automatic digest system Sent: Saturday, June 13, 2015 11:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: SECURITY Digest - 12 Jun 2015 to 13 Jun 2015 (#2015-110) There are 6 messages totalling 1338 lines in this issue. Topics of the day: 1. <No subject given> (3) 2. Legal or compliance issues when providing children with network access (3) ---------------------------------------------------------------------- Date: Sat, 13 Jun 2015 07:26:13 +0000 From: Tracy Beth Mitrano <tbm3 () CORNELL EDU> Subject: <No subject given> --_000_FEDCB8FEC2404C969BA4AB038A83C423cornelledu_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Rosella, I agree with what Mark outlined and will add for more clarification that un= less your network supplies the public with Internet service, as for example= with a fee, or it connects directly to the Internet, instead of going thro= ugh a commercial provider, the network is exempt from CALEA. Best, Tracy On Jun 12, 2015, at 6:31 AM, Berman, Mark <mberman () siena edu<mailto:mberman= @siena.edu>> wrote: Rosella, I think the articles you are reading are from when CALEA was first passed a= nd interpretations had not been written. The commonly accepted reading of t= he law now is that it exempts "private networks" and most higher ed institu= tions define themselves as private networks. There has been some "forgettin= g" about CALEA in recent years and I've read postings on this list about co= lleges who allow open access to their networks; my take is that if you run = some kind of Network Access Control (NAC) and only allow full access to peo= ple with accounts in your system, along with guest access where people regi= ster their names and reasons for being on campus, then you can in good fait= h define yourself as "private" and exempt from CALEA. I remember the ALA (l= ibraries) issuing a legal opinion that libraries were exempt for other reas= ons and that opinion is available on the Educause site here: http://www.edu= cause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations Bottom line, it's a lot easier to declare yourself exempt than to spend mon= ey on hardware to try and comply. As far as I know this has never been liti= gated and until it is and a judge says I'm wrong, I'll stand on that opinio= n. - Mark -- Mark Berman, Chief Information Officer Siena College 515 Loudon Road Loudonville, NY 12211 (518)782-6957, Fax: (518)783-2590 Siena College is a learning community advancing the ideals of a liberal art= s education, rooted in its identity as a Franciscan and Catholic institutio= n. CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the = sole use of the intended recipient(s) and may contain confidential and priv= ileged information. Any unauthorized review, use, disclosure, or distributi= on is prohibited. If you received this e-mail and are not the intended reci= pient, please inform the sender by e-mail reply and destroy all copies of t= he original message. On 6-11-15, Rossella Mariotti-Jones Wrote: Hello all, I found the following FAQ on Educause and I have some questions = about how the compliance technically works. At some point in the past when = we were figuring out how to comply, someone suggested that as long as we ca= n supply a span port on various key pieces of equipment we could be ok beca= use the Feds will come in with their own boxes. Is this at all close to wha= t happens in reality? and if not, what is the college required to provide? TIA. http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/edu= cause-policy/issues-and-positions/networking-and-telecommunications/tfaq rossella mariotti-jones | network analyst | information technology | chemek= eta community college | p: 503-589-7775 | e: rmariott () chemeketa edu<https:/= /mail.google.com/mail/?view=3Dcm&fs=3D1&tf=3D1&to=3Drmariott () chemeketa edu> --_000_FEDCB8FEC2404C969BA4AB038A83C423cornelledu_ Content-Type: text/html; charset="us-ascii" Content-ID: <4F2D3892633FFD40ADB07AFEB3C2874F () namprd04 prod outlook com> Content-Transfer-Encoding: quoted-printable <html> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
</head> <body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin= e-break: after-white-space;" class=3D""> Rosella, <div class=3D""><br class=3D""> </div> <div class=3D"">I agree with what Mark outlined and will add for more clari= fication that unless your network supplies the public with Internet service= , as for example with a fee, or it connects directly to the Internet, inste= ad of going through a commercial provider, the network is exempt from CALEA.</div> <div class=3D""><br class=3D""> </div> <div class=3D"">Best, Tracy</div> <div class=3D""><br class=3D""> </div> <div class=3D""><br class=3D""> <div> <blockquote type=3D"cite" class=3D""> <div class=3D"">On Jun 12, 2015, at 6:31 AM, Berman, Mark <<a href=3D"ma= ilto:mberman () siena edu" class=3D"">mberman () siena edu</a>> wrote:</div> <br class=3D"Apple-interchange-newline"> <div class=3D""> <div dir=3D"ltr" class=3D"">Rosella, <div class=3D""><br class=3D""> </div> <div class=3D"">I think the articles you are reading are from when CALEA wa= s first passed and interpretations had not been written. The commonly accep= ted reading of the law now is that it exempts "private networks" = and most higher ed institutions define themselves as private networks. There has been some "forgetting" about CALE= A in recent years and I've read postings on this list about colleges who al= low open access to their networks; my take is that if you run some kind of = Network Access Control (NAC) and only allow full access to people with accounts in your system, along with guest acces= s where people register their names and reasons for being on campus, then y= ou can in good faith define yourself as "private" and exempt from= CALEA. I remember the ALA (libraries) issuing a legal opinion that libraries were exempt for other reasons and that opin= ion is available on the Educause site here: <a href=3D"http://www.educ= ause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations" = class=3D"">http://www.educause.edu/library/resources/libraries-are-exempt-c= alea-wiretap-obligations</a></div> <div class=3D""><br class=3D""> </div> <div class=3D"">Bottom line, it's a lot easier to declare yourself exempt t= han to spend money on hardware to try and comply. As far as I know this has= never been litigated and until it is and a judge says I'm wrong, I'll stan= d on that opinion.</div> <div class=3D""><br class=3D""> </div> <div class=3D""> - Mark <div dir=3D"ltr" class=3D""> <div style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">--</d= iv> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">Mark= Berman, Chief Information Officer</span><br style=3D"font-family:arial,san= s-serif;font-size:13px" class=3D""> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">Sien= a College</span><br style=3D"font-family:arial,sans-serif;font-size:13px" c= lass=3D""> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">515 = Loudon Road</span><br style=3D"font-family:arial,sans-serif;font-size:13px"= class=3D""> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">Loud= onville, NY 12211</span><br style=3D"font-family:arial,sans-serif;fon= t-size:13px" class=3D""> <a value=3D"+15187826957" style=3D"font-family:arial,sans-serif;font-si= ze:13px" class=3D"">(518)782-6957</a><span style=3D"font-family:arial,sans-= serif;font-size:13px" class=3D"">, Fax: </span><a value=3D"+= 15187832590" style=3D"font-family:arial,sans-serif;font-size:13px" class=3D= "">(518)783-2590</a><br style=3D"font-family:arial,sans-serif;font-size:13p= x" class=3D""> <i style=3D"font-family:arial,sans-serif;font-size:13px" class=3D""><font s= ize=3D"1" class=3D""><b class=3D""><font color=3D"#006600" class=3D"">Siena= College is a learning community advancing the ideals of a liberal arts edu= cation, rooted in its identity as a Franciscan and Catholic institution.</font><br class=3D""> </b></font></i><br style=3D"font-family:arial,sans-serif;font-size:13px" cl= ass=3D""> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D""><fon= t size=3D"1" class=3D""><i class=3D"">CONFIDENTIALITY NOTICE: This e-mail, = including any attachments, is for the sole use of the intended recipient(s)= and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is = prohibited. If you received this e-mail and are not the intended recipient,= please inform the sender by e-mail reply and destroy all copies of the ori= ginal message.</i></font></span><br class=3D""> </div> </div> <div class=3D""><br class=3D""> <div class=3D"">On 6-11-15, <span style=3D"font-family: monospace; fon= t-size: 14px;" class=3D"">Rossella Mariotti-Jones Wrote:</span></div> <blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-= left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p= adding-left:1ex"> <span style=3D"font-family: Times; font-size: inherit;" class=3D"">Hello al= l, I found the following FAQ on Educause and I have some questions about ho= w the compliance technically works. At some point in the past when we were = figuring out how to comply, someone suggested that as long as we can supply a span port on various key pieces = of equipment we could be ok because the Feds will come in with their own bo= xes. Is this at all close to what happens in reality? and if not, what is t= he college required to provide?<br class=3D""> </span>TIA.<br class=3D""> <a href=3D"http://www.educause.edu/focus-areas-and-initiatives/policy-and-s= ecurity/educause-policy/issues-and-positions/networking-and-telecommunicati= ons/tfaq" class=3D"">http://www.educause.edu/focus-areas-and-initiatives/po= licy-and-security/educause-policy/issues-and-positions/networking-and-telec= ommunications/tfaq</a><br class=3D""> rossella mariotti-jones | network analyst | information technology | chemek= eta community college | p: 503-589-7775 | e: <a href=3D"https://mail.g= oogle.com/mail/?view=3Dcm&fs=3D1&tf=3D1&to=3Drmariott@chemeketa= .edu" target=3D"_blank" class=3D"">rmariott () chemeketa edu</a></blockquote> </div> </div> </div> </blockquote> </div> <br class=3D""> </div> </body> </html> --_000_FEDCB8FEC2404C969BA4AB038A83C423cornelledu_-- ------------------------------ Date: Sat, 13 Jun 2015 13:14:17 +0000 From: "Mayne, Jim" <j.mayne () TCU EDU> Subject: Legal or compliance issues when providing children with network access --_000_668e01cda03941c1941c647d99b81134EXFS01N5tcuedu_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable At TCU there is more and more use of our facilities during the summer for c= hildren's camps of one sort or another (e.g. baseball, cheerleading, music)= . In most cases these are children under 18 and in many cases they are unde= r 13. Are there legal or compliance issues we need to consider if we provide them= with guest network account so they can access the internet while staying o= n campus? If so would it matter if they used the accounts in a supervised classroom s= etting or unsupervised in a dorm room overnight? We do not do any content filtering on our network. Thanks, Jim Jim Mayne Information Security Services --_000_668e01cda03941c1941c647d99b81134EXFS01N5tcuedu_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; xmlns=3D"http:= //www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">At TC=
U there is more and more use of our facilities during the summer for childr=
en’s camps of one sort or another (e.g. baseball, cheerleading, music=
). In most cases these are children under
18 and in many cases they are under 13. <o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">Are t=
here legal or compliance issues we need to consider if we provide them with=
guest network account so they can access the internet while staying on cam=
pus?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">If so=
would it matter if they used the accounts in a supervised classroom settin=
g or unsupervised in a dorm room overnight?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">We do=
not do any content filtering on our network.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">Thank=
s,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">Jim<o=
:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;color:gray">Jim Mayn=
e<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;color:gray">Informat=
ion Security Services<o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>
--_000_668e01cda03941c1941c647d99b81134EXFS01N5tcuedu_--
------------------------------
Date: Sat, 13 Jun 2015 17:33:12 +0000
From: "Ejike, Emechete C." <EEjike () ODU EDU>
Subject: Re: Legal or compliance issues when providing children with network access
--_000_A4419A7715B84AD4872B5471A897F218oduedu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
This is a very interesting topic. I do believe most institutions offer simi=
lar summer programs. It would be interesting to hear what members of our li=
st have to says. Thanks Jim.
--
Eme Ejike
Asst. ISO
Old Dominion university
On Jun 13, 2015, at 9:17 AM, Mayne, Jim <j.mayne () TCU EDU<mailto:j.mayne@TCU=
.EDU>> wrote:
At TCU there is more and more use of our facilities during the summer for c=
hildren=92s camps of one sort or another (e.g. baseball, cheerleading, musi=
c). In most cases these are children under 18 and in many cases they are un=
der 13.
Are there legal or compliance issues we need to consider if we provide them=
with guest network account so they can access the internet while staying o=
n campus?
If so would it matter if they used the accounts in a supervised classroom s=
etting or unsupervised in a dorm room overnight?
We do not do any content filtering on our network.
Thanks,
Jim
Jim Mayne
Information Security Services
--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 03ODNhyax) is spam:
Spam: https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d=
106f4d97a&t=3D20150613&c=3Ds
Not spam: https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d=
106f4d97a&t=3D20150613&c=3Dn
Forget vote: https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d=
106f4d97a&t=3D20150613&c=3Df
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
--_000_A4419A7715B84AD4872B5471A897F218oduedu_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body dir=3D"auto">
<div>This is a very interesting topic. I do believe most institutions offer=
similar summer programs. It would be interesting to hear what members of o=
ur list have to says. Thanks Jim.</div>
<div><br>
</div>
<div>--</div>
<div>Eme Ejike</div>
<div>Asst. ISO</div>
<div>Old Dominion university </div>
<div><br>
On Jun 13, 2015, at 9:17 AM, Mayne, Jim <<a href=3D"mailto:j.mayne@TCU.E=
DU">j.mayne () TCU EDU</a>> wrote:<br>
<br>
</div>
<blockquote type=3D"cite">
<div>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">At TC=
U there is more and more use of our facilities during the summer for childr=
en=92s camps of one sort or another (e.g. baseball, cheerleading, music). I=
n most cases these are children under
18 and in many cases they are under 13. <o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">Are t=
here legal or compliance issues we need to consider if we provide them with=
guest network account so they can access the internet while staying on cam=
pus?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">If so=
would it matter if they used the accounts in a supervised classroom settin=
g or unsupervised in a dorm room overnight?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">We do=
not do any content filtering on our network.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">Thank=
s,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060">Jim<o=
:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#002060"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;color:gray">Jim Mayn=
e<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;color:gray">Informat=
ion Security Services<o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
</div>
</blockquote>
<blockquote type=3D"cite">
<div><span></span><br>
<span>-- </span><br>
<span>BEGIN-ANTISPAM-VOTING-LINKS</span><br>
<span>------------------------------------------------------</span><br>
<span></span><br>
<span>Teach CanIt if this mail (ID 03ODNhyax) is spam:</span><br>
<span>Spam: <a href=3D"https://ww=
w.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d106f4d97a&t=3D2=
0150613&c=3Ds">https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&a=
mp;m=3D16d106f4d97a&t=3D20150613&c=3Ds</a></span><br>
<span>Not spam: <a href=3D"https://www.spamtrap.odu.edu/c=
anit/b.php?i=3D03ODNhyax&m=3D16d106f4d97a&t=3D20150613&c=3Dn">h=
ttps://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d106f4d97a&=
amp;t=3D20150613&c=3Dn</a></span><br>
<span>Forget vote: <a href=3D"https://www.spamtrap.odu.edu/canit/b.php?i=3D=
03ODNhyax&m=3D16d106f4d97a&t=3D20150613&c=3Df">
https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d106f4d97a=
&t=3D20150613&c=3Df</a></span><br>
<span>------------------------------------------------------</span><br>
<span>END-ANTISPAM-VOTING-LINKS</span><br>
</div>
</blockquote>
</body>
</html>
--_000_A4419A7715B84AD4872B5471A897F218oduedu_--
------------------------------
Date: Sat, 13 Jun 2015 17:45:49 +0000
From: Tracy Beth Mitrano <tbm3 () CORNELL EDU>
Subject: Re: Legal or compliance issues when providing children with network access
--_000_578EAA521DF4410F83CF7DBA1AC54A43cornelledu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Younger than 13 it might be a good idea to educate on COPPA; any age should=
know about network security (patching and anti-virus) that concerns their =
own devices and, if they are in computer science type classes their respons=
ibilities using the institutional network (for example for scanning exercis=
es).
Information literacy should include instruction that distinguishes enterpri=
se and consumer privacy, as well as creating an Internet =93profile=94 and =
social networking use (an oldie but I hope still goodie: http://www.it.corn=
ell.edu/policies/socialnetworking/facebook.cfm). Basics on your institutio=
n=92s IT Policies are good for them to know too, especially that which invo=
lves copyright, and/or how other policies, such as code of conduct are inco=
rporated in the use of information technology resources.
T.
On Jun 13, 2015, at 1:33 PM, Ejike, Emechete C. <EEjike () ODU EDU<mailto:EEji=
ke () ODU EDU>> wrote:
This is a very interesting topic. I do believe most institutions offer simi=
lar summer programs. It would be interesting to hear what members of our li=
st have to says. Thanks Jim.
--
Eme Ejike
Asst. ISO
Old Dominion university
On Jun 13, 2015, at 9:17 AM, Mayne, Jim <j.mayne () TCU EDU<mailto:j.mayne@TCU=
.EDU>> wrote:
At TCU there is more and more use of our facilities during the summer for c=
hildren=92s camps of one sort or another (e.g. baseball, cheerleading, musi=
c). In most cases these are children under 18 and in many cases they are un=
der 13.
Are there legal or compliance issues we need to consider if we provide them=
with guest network account so they can access the internet while staying o=
n campus?
If so would it matter if they used the accounts in a supervised classroom s=
etting or unsupervised in a dorm room overnight?
We do not do any content filtering on our network.
Thanks,
Jim
Jim Mayne
Information Security Services
--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 03ODNhyax) is spam:
Spam: https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d=
106f4d97a&t=3D20150613&c=3Ds
Not spam: https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d=
106f4d97a&t=3D20150613&c=3Dn
Forget vote: https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d=
106f4d97a&t=3D20150613&c=3Df
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
--_000_578EAA521DF4410F83CF7DBA1AC54A43cornelledu_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <CEE8264A0E0BD94D92B3F263F5DE2E6C () namprd04 prod outlook com>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;" class=3D"">
Younger than 13 it might be a good idea to educate on COPPA; any age should=
know about network security (patching and anti-virus) that concerns their =
own devices and, if they are in computer science type classes their respons=
ibilities using the institutional
network (for example for scanning exercises).
<div class=3D""><br class=3D"">
</div>
<div class=3D"">Information literacy should include instruction that distin=
guishes enterprise and consumer privacy, as well as creating an Internet =
=93profile=94 and social networking use (an oldie but I hope still goodie:&=
nbsp;<a href=3D"http://www.it.cornell.edu/policies/socialnetworking/faceboo=
k.cfm" class=3D"">http://www.it.cornell.edu/policies/socialnetworking/faceb=
ook.cfm</a>).
Basics on your institution=92s IT Policies are good for them to know=
too, especially that which involves copyright, and/or how other policies, =
such as code of conduct are incorporated in the use of information technolo=
gy resources.
<div class=3D""><br class=3D"">
</div>
<div class=3D"">T.</div>
<div class=3D""><br class=3D"">
</div>
<div class=3D""><br class=3D"">
<div>
<blockquote type=3D"cite" class=3D"">
<div class=3D"">On Jun 13, 2015, at 1:33 PM, Ejike, Emechete C. <<a href=
=3D"mailto:EEjike () ODU EDU" class=3D"">EEjike () ODU EDU</a>> wrote:</div>
<br class=3D"Apple-interchange-newline">
<div class=3D"">
<div style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; line-hei=
ght: normal; orphans: auto; text-align: start; text-indent: 0px; text-trans=
form: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-t=
ext-stroke-width: 0px;" class=3D"">
This is a very interesting topic. I do believe most institutions offer simi=
lar summer programs. It would be interesting to hear what members of our li=
st have to says. Thanks Jim.</div>
<div style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; line-hei=
ght: normal; orphans: auto; text-align: start; text-indent: 0px; text-trans=
form: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-t=
ext-stroke-width: 0px;" class=3D"">
<br class=3D"">
</div>
<div style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; line-hei=
ght: normal; orphans: auto; text-align: start; text-indent: 0px; text-trans=
form: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-t=
ext-stroke-width: 0px;" class=3D"">
--</div>
<div style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; line-hei=
ght: normal; orphans: auto; text-align: start; text-indent: 0px; text-trans=
form: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-t=
ext-stroke-width: 0px;" class=3D"">
Eme Ejike</div>
<div style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; line-hei=
ght: normal; orphans: auto; text-align: start; text-indent: 0px; text-trans=
form: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-t=
ext-stroke-width: 0px;" class=3D"">
Asst. ISO</div>
<div style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; line-hei=
ght: normal; orphans: auto; text-align: start; text-indent: 0px; text-trans=
form: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-t=
ext-stroke-width: 0px;" class=3D"">
Old Dominion university </div>
<div style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; line-hei=
ght: normal; orphans: auto; text-align: start; text-indent: 0px; text-trans=
form: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-t=
ext-stroke-width: 0px;" class=3D"">
<br class=3D"">
On Jun 13, 2015, at 9:17 AM, Mayne, Jim <<a href=3D"mailto:j.mayne@TCU.E=
DU" style=3D"color: rgb(149, 79, 114); text-decoration: underline;" class=
=3D"">j.mayne () TCU EDU</a>> wrote:<br class=3D"">
<br class=3D"">
</div>
<blockquote type=3D"cite" style=3D"font-family: Helvetica; font-size: 12px;=
font-style: normal; font-variant: normal; font-weight: normal; letter-spac=
ing: normal; line-height: normal; orphans: auto; text-align: start; text-in=
dent: 0px; text-transform: none; white-space: normal; widows: auto; word-sp=
acing: 0px; -webkit-text-stroke-width: 0px;" class=3D"">
<div class=3D"">
<div class=3D"WordSection1" style=3D"page: WordSection1;">
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D"">At TCU t=
here is more and more use of our facilities during the summer for children=
=92s camps of one sort or another (e.g. baseball, cheerleading, music). In =
most cases these are children under 18
and in many cases they are under 13.<span class=3D"Apple-converted-space">=
</span><o:p class=3D""></o:p></span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D""> </=
span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D"">Are ther=
e legal or compliance issues we need to consider if we provide them with gu=
est network account so they can access the internet while staying on campus=
?<o:p class=3D""></o:p></span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D""> </=
span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D"">If so wo=
uld it matter if they used the accounts in a supervised classroom setting o=
r unsupervised in a dorm room overnight?<o:p class=3D""></o:p></span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D""> </=
span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D"">We do no=
t do any content filtering on our network.<o:p class=3D""></o:p></span></di=
v>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D""> </=
span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D"">Thanks,<=
o:p class=3D""></o:p></span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D"">Jim<o:p =
class=3D""></o:p></span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 12pt; color: rgb(0, 32, 96);" class=3D""> </=
span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 10pt; color: gray;" class=3D"">Jim Mayne<o:p clas=
s=3D""></o:p></span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<span style=3D"font-size: 10pt; color: gray;" class=3D"">Information Securi=
ty Services<o:p class=3D""></o:p></span></div>
<div style=3D"margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calib=
ri, sans-serif;" class=3D"">
<o:p class=3D""> </o:p></div>
</div>
</div>
</blockquote>
<blockquote type=3D"cite" style=3D"font-family: Helvetica; font-size: 12px;=
font-style: normal; font-variant: normal; font-weight: normal; letter-spac=
ing: normal; line-height: normal; orphans: auto; text-align: start; text-in=
dent: 0px; text-transform: none; white-space: normal; widows: auto; word-sp=
acing: 0px; -webkit-text-stroke-width: 0px;" class=3D"">
<div class=3D""><span class=3D""></span><br class=3D"">
<span class=3D"">--<span class=3D"Apple-converted-space"> </span></spa=
n><br class=3D"">
<span class=3D"">BEGIN-ANTISPAM-VOTING-LINKS</span><br class=3D"">
<span class=3D"">------------------------------------------------------</sp=
an><br class=3D"">
<span class=3D""></span><br class=3D"">
<span class=3D"">Teach CanIt if this mail (ID 03ODNhyax) is spam:</span><br=
class=3D"">
<span class=3D"">Spam: <a href=3D=
"https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d106f4d97=
a&t=3D20150613&c=3Ds" style=3D"color: rgb(149, 79, 114); text-decor=
ation: underline;" class=3D"">https://www.spamtrap.odu.edu/canit/b.php?i=3D=
03ODNhyax&m=3D16d106f4d97a&t=3D20150613&c=3Ds</a></span><br cla=
ss=3D"">
<span class=3D"">Not spam: <a href=3D"https://www.spamtra=
p.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16d106f4d97a&t=3D20150613&a=
mp;c=3Dn" style=3D"color: rgb(149, 79, 114); text-decoration: underline;" c=
lass=3D"">https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&m=3D16=
d106f4d97a&t=3D20150613&c=3Dn</a></span><br class=3D"">
<span class=3D"">Forget vote:<span class=3D"Apple-converted-space"> </=
span><a href=3D"https://www.spamtrap.odu.edu/canit/b.php?i=3D03ODNhyax&=
m=3D16d106f4d97a&t=3D20150613&c=3Df" style=3D"color: rgb(149, 79, 1=
14); text-decoration: underline;" class=3D"">https://www.spamtrap.odu.edu/c=
anit/b.php?i=3D03ODNhyax&m=3D16d106f4d97a&t=3D20150613&c=3Df</a=
</span><br class=3D"">
<span class=3D"">------------------------------------------------------</sp= an><br class=3D""> <span class=3D"">END-ANTISPAM-VOTING-LINKS</span></div> </blockquote> </div> </blockquote> </div> <br class=3D""> </div> </div> </body> </html> --_000_578EAA521DF4410F83CF7DBA1AC54A43cornelledu_-- ------------------------------ Date: Sat, 13 Jun 2015 12:46:08 -0700 From: Rossella Mariotti-Jones <rossella.mariotti.jones () CHEMEKETA EDU> Subject: <No subject given> --001a113ebcded8184e05186b79c0 Content-Type: text/plain; charset=UTF-8 Hello Tracy, one of these situations applies to us, so we already know we have to comply, unless we change the situation which will take some time. We have our network designed in such a way that we can pretty easily identify where the feds would need to plug in to get the traffic they need, and in the very near future well roll out user ID for 90% of our internal users. What I'm trying to do is figure out if this is enough to say "yes we are compliant". On Jun 13, 2015 00:26, "Tracy Beth Mitrano" <tbm3 () cornell edu> wrote:
Rosella, I agree with what Mark outlined and will add for more clarification that unless your network supplies the public with Internet service, as for example with a fee, or it connects directly to the Internet, instead of going through a commercial provider, the network is exempt from CALEA. Best, Tracy On Jun 12, 2015, at 6:31 AM, Berman, Mark <mberman () siena edu> wrote: Rosella, I think the articles you are reading are from when CALEA was first passed and interpretations had not been written. The commonly accepted reading of the law now is that it exempts "private networks" and most higher ed institutions define themselves as private networks. There has been some "forgetting" about CALEA in recent years and I've read postings on this list about colleges who allow open access to their networks; my take is that if you run some kind of Network Access Control (NAC) and only allow full access to people with accounts in your system, along with guest access where people register their names and reasons for being on campus, then you can in good faith define yourself as "private" and exempt from CALEA. I remember the ALA (libraries) issuing a legal opinion that libraries were exempt for other reasons and that opinion is available on the Educause site here: http://www.educause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations Bottom line, it's a lot easier to declare yourself exempt than to spend money on hardware to try and comply. As far as I know this has never been litigated and until it is and a judge says I'm wrong, I'll stand on that opinion. - Mark -- Mark Berman, Chief Information Officer Siena College 515 Loudon Road Loudonville, NY 12211 (518)782-6957, Fax: (518)783-2590 *Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution. * *CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.* On 6-11-15, Rossella Mariotti-Jones Wrote:Hello all, I found the following FAQ on Educause and I have some questions about how the compliance technically works. At some point in the past when we were figuring out how to comply, someone suggested that as long as we can supply a span port on various key pieces of equipment we could be ok because the Feds will come in with their own boxes. Is this at all close to what happens in reality? and if not, what is the college required to provide? TIA. http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/networking-and-telecommunications/tfaq rossella mariotti-jones | network analyst | information technology | chemeketa community college | p: 503-589-7775 | e: rmariott () chemeketa edu <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=rmariott () chemeketa edu>
--001a113ebcded8184e05186b79c0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <p dir=3D"ltr">Hello Tracy,=C2=A0 one of these situations applies to us, so= we already know we have to comply,=C2=A0 unless we change the situation wh= ich will take some time. We have our network designed in such a way that we= can pretty easily identify where the feds would need to plug in to get the= traffic they need, and in the very near future well roll out user ID for 9= 0% of our internal users. What I'm trying to do is figure out if this i= s enough to say "yes we are compliant".</p> <div class=3D"gmail_quote">On Jun 13, 2015 00:26, "Tracy Beth Mitrano&= quot; <<a href=3D"mailto:tbm3 () cornell edu">tbm3 () cornell edu</a>> wrot= e:<br type=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margi= n:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div style=3D"word-wrap:break-word"> Rosella,=C2=A0 <div><br> </div> <div>I agree with what Mark outlined and will add for more clarification th= at unless your network supplies the public with Internet service, as for ex= ample with a fee, or it connects directly to the Internet, instead of going= through a commercial provider, the network is exempt from CALEA.</div> <div><br> </div> <div>Best, Tracy</div> <div><br> </div> <div><br> <div> <blockquote type=3D"cite"> <div>On Jun 12, 2015, at 6:31 AM, Berman, Mark <<a href=3D"mailto:mberma= n () siena edu" target=3D"_blank">mberman () siena edu</a>> wrote:</div> <br> <div> <div dir=3D"ltr">Rosella, <div><br> </div> <div>I think the articles you are reading are from when CALEA was first pas= sed and interpretations had not been written. The commonly accepted reading= of the law now is that it exempts "private networks" and most hi= gher ed institutions define themselves as private networks. There has been some "forgetting" about CALE= A in recent years and I've read postings on this list about colleges wh= o allow open access to their networks; my take is that if you run some kind= of Network Access Control (NAC) and only allow full access to people with accounts in your system, along with guest acces= s where people register their names and reasons for being on campus, then y= ou can in good faith define yourself as "private" and exempt from= CALEA. I remember the ALA (libraries) issuing a legal opinion that libraries were exempt for other reasons and that opin= ion is available on the Educause site here:=C2=A0<a href=3D"http://www.educ= ause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations" = target=3D"_blank">http://www.educause.edu/library/resources/libraries-are-e= xempt-calea-wiretap-obligations</a></div> <div><br> </div> <div>Bottom line, it's a lot easier to declare yourself exempt than to = spend money on hardware to try and comply. As far as I know this has never = been litigated and until it is and a judge says I'm wrong, I'll sta= nd on that opinion.</div> <div><br> </div> <div>=C2=A0- Mark <div dir=3D"ltr"> <div style=3D"font-family:arial,sans-serif;font-size:13px">--</div> <span style=3D"font-family:arial,sans-serif;font-size:13px">Mark Berman, Ch= ief Information Officer</span><br style=3D"font-family:arial,sans-serif;fon= t-size:13px"> <span style=3D"font-family:arial,sans-serif;font-size:13px">Siena College</= span><br style=3D"font-family:arial,sans-serif;font-size:13px"> <span style=3D"font-family:arial,sans-serif;font-size:13px">515 Loudon Road= </span><br style=3D"font-family:arial,sans-serif;font-size:13px"> <span style=3D"font-family:arial,sans-serif;font-size:13px">Loudonville, NY= =C2=A012211</span><br style=3D"font-family:arial,sans-serif;font-size:13px= "> <a value=3D"+15187826957" style=3D"font-family:arial,sans-serif;font-size:1= 3px">(518)782-6957</a><span style=3D"font-family:arial,sans-serif;font-size= :13px">, =C2=A0Fax:=C2=A0</span><a value=3D"+15187832590" style=3D"font-fam= ily:arial,sans-serif;font-size:13px">(518)783-2590</a><br style=3D"font-fam= ily:arial,sans-serif;font-size:13px"> <i style=3D"font-family:arial,sans-serif;font-size:13px"><font size=3D"1"><= b><font color=3D"#006600">Siena College is a learning community advancing t= he ideals of a liberal arts education, rooted in its identity as a Francisc= an and Catholic institution.</font><br> </b></font></i><br style=3D"font-family:arial,sans-serif;font-size:13px"> <span style=3D"font-family:arial,sans-serif;font-size:13px"><font size=3D"1= "><i>CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for= the sole use of the intended recipient(s) and may contain confidential and= privileged information. Any unauthorized review, use, disclosure, or distribution is = prohibited. If you received this e-mail and are not the intended recipient,= please inform the sender by e-mail reply and destroy all copies of the ori= ginal message.</i></font></span><br> </div> </div> <div><br> <div>On 6-11-15,=C2=A0<span style=3D"font-family:monospace;font-size:14px">= Rossella Mariotti-Jones Wrote:</span></div> <blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-= left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p= adding-left:1ex"> <span style=3D"font-family:Times;font-size:inherit">Hello all, I found the = following FAQ on Educause and I have some questions about how the complianc= e technically works. At some point in the past when we were figuring out ho= w to comply, someone suggested that as long as we can supply a span port on various key pieces = of equipment we could be ok because the Feds will come in with their own bo= xes. Is this at all close to what happens in reality? and if not, what is t= he college required to provide?<br> </span>TIA.<br> <a href=3D"http://www.educause.edu/focus-areas-and-initiatives/policy-and-s= ecurity/educause-policy/issues-and-positions/networking-and-telecommunicati= ons/tfaq" target=3D"_blank">http://www.educause.edu/focus-areas-and-initiat= ives/policy-and-security/educause-policy/issues-and-positions/networking-an= d-telecommunications/tfaq</a><br> rossella mariotti-jones | network analyst | information technology | chemek= eta community college | p: <a href=3D"tel:503-589-7775" value=3D"+150358977= 75" target=3D"_blank">503-589-7775</a> | e:=C2=A0<a href=3D"https://mail.go= ogle.com/mail/?view=3Dcm&fs=3D1&tf=3D1&to=3Drmariott@chemeketa.= edu" target=3D"_blank">rmariott () chemeketa edu</a></blockquote> </div> </div> </div> </blockquote> </div> <br> </div> </div> </blockquote></div> --001a113ebcded8184e05186b79c0-- ------------------------------ Date: Sat, 13 Jun 2015 20:13:21 +0000 From: Tracy Beth Mitrano <tbm3 () CORNELL EDU> Subject: <No subject given> --_000_4588684A905E4DB8865392F035B6551Fcornelledu_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable If you think you ring the bell of one of these conditions, Rosella, I would= have legal counsel together with the CIO review the matter and then work w= ith federal law enforcement (local technical arm of F.B.I. or federal prose= cutor in your area, D.O.J.) to determine the specifications. Feel free to write me separately if you think a chat would help more. Thanks, Tracy On Jun 13, 2015, at 3:46 PM, Rossella Mariotti-Jones <rossella.mariotti.jon= es () CHEMEKETA EDU<mailto:rossella.mariotti.jones () CHEMEKETA EDU>> wrote: Hello Tracy, one of these situations applies to us, so we already know we = have to comply, unless we change the situation which will take some time. = We have our network designed in such a way that we can pretty easily identi= fy where the feds would need to plug in to get the traffic they need, and i= n the very near future well roll out user ID for 90% of our internal users.= What I'm trying to do is figure out if this is enough to say "yes we are c= ompliant". On Jun 13, 2015 00:26, "Tracy Beth Mitrano" <tbm3 () cornell edu<mailto:tbm3@c= ornell.edu>> wrote: Rosella, I agree with what Mark outlined and will add for more clarification that un= less your network supplies the public with Internet service, as for example= with a fee, or it connects directly to the Internet, instead of going thro= ugh a commercial provider, the network is exempt from CALEA. Best, Tracy On Jun 12, 2015, at 6:31 AM, Berman, Mark <mberman () siena edu<mailto:mberman= @siena.edu>> wrote: Rosella, I think the articles you are reading are from when CALEA was first passed a= nd interpretations had not been written. The commonly accepted reading of t= he law now is that it exempts "private networks" and most higher ed institu= tions define themselves as private networks. There has been some "forgettin= g" about CALEA in recent years and I've read postings on this list about co= lleges who allow open access to their networks; my take is that if you run = some kind of Network Access Control (NAC) and only allow full access to peo= ple with accounts in your system, along with guest access where people regi= ster their names and reasons for being on campus, then you can in good fait= h define yourself as "private" and exempt from CALEA. I remember the ALA (l= ibraries) issuing a legal opinion that libraries were exempt for other reas= ons and that opinion is available on the Educause site here: http://www.edu= cause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations Bottom line, it's a lot easier to declare yourself exempt than to spend mon= ey on hardware to try and comply. As far as I know this has never been liti= gated and until it is and a judge says I'm wrong, I'll stand on that opinio= n. - Mark -- Mark Berman, Chief Information Officer Siena College 515 Loudon Road Loudonville, NY 12211 (518)782-6957, Fax: (518)783-2590 Siena College is a learning community advancing the ideals of a liberal art= s education, rooted in its identity as a Franciscan and Catholic institutio= n. CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the = sole use of the intended recipient(s) and may contain confidential and priv= ileged information. Any unauthorized review, use, disclosure, or distributi= on is prohibited. If you received this e-mail and are not the intended reci= pient, please inform the sender by e-mail reply and destroy all copies of t= he original message. On 6-11-15, Rossella Mariotti-Jones Wrote: Hello all, I found the following FAQ on Educause and I have some questions = about how the compliance technically works. At some point in the past when = we were figuring out how to comply, someone suggested that as long as we ca= n supply a span port on various key pieces of equipment we could be ok beca= use the Feds will come in with their own boxes. Is this at all close to wha= t happens in reality? and if not, what is the college required to provide? TIA. http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/edu= cause-policy/issues-and-positions/networking-and-telecommunications/tfaq rossella mariotti-jones | network analyst | information technology | chemek= eta community college | p: 503-589-7775<tel:503-589-7775> | e: rmariott@che= meketa.edu<https://mail.google.com/mail/?view=3Dcm&fs=3D1&tf=3D1&to=3Drmari= ott () chemeketa edu> --_000_4588684A905E4DB8865392F035B6551Fcornelledu_ Content-Type: text/html; charset="us-ascii" Content-ID: <4B79E163D8788047811890E7621C3842 () namprd04 prod outlook com> Content-Transfer-Encoding: quoted-printable <html> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
</head> <body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin= e-break: after-white-space;" class=3D""> If you think you ring the bell of one of these conditions, Rosella, I would= have legal counsel together with the CIO review the matter and then work w= ith federal law enforcement (local technical arm of F.B.I. or federal prose= cutor in your area, D.O.J.) to determine the specifications. <div class=3D""><br class=3D""> </div> <div class=3D"">Feel free to write me separately if you think a chat would = help more.</div> <div class=3D""><br class=3D""> </div> <div class=3D"">Thanks, Tracy</div> <div class=3D""><br class=3D""> </div> <div class=3D""><br class=3D""> <div> <blockquote type=3D"cite" class=3D""> <div class=3D"">On Jun 13, 2015, at 3:46 PM, Rossella Mariotti-Jones <<a= href=3D"mailto:rossella.mariotti.jones () CHEMEKETA EDU" class=3D"">rossella.= mariotti.jones () CHEMEKETA EDU</a>> wrote:</div> <br class=3D"Apple-interchange-newline"> <div class=3D""> <p dir=3D"ltr" class=3D"">Hello Tracy, one of these situations applie= s to us, so we already know we have to comply, unless we change the s= ituation which will take some time. We have our network designed in such a = way that we can pretty easily identify where the feds would need to plug in to get the traffic they need, and in the very n= ear future well roll out user ID for 90% of our internal users. What I'm tr= ying to do is figure out if this is enough to say "yes we are complian= t".</p> <div class=3D"gmail_quote">On Jun 13, 2015 00:26, "Tracy Beth Mitrano&= quot; <<a href=3D"mailto:tbm3 () cornell edu" class=3D"">tbm3 () cornell edu</= a>> wrote:<br type=3D"attribution" class=3D""> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> <div style=3D"word-wrap:break-word" class=3D"">Rosella, <div class=3D""><br class=3D""> </div> <div class=3D"">I agree with what Mark outlined and will add for more clari= fication that unless your network supplies the public with Internet service= , as for example with a fee, or it connects directly to the Internet, inste= ad of going through a commercial provider, the network is exempt from CALEA.</div> <div class=3D""><br class=3D""> </div> <div class=3D"">Best, Tracy</div> <div class=3D""><br class=3D""> </div> <div class=3D""><br class=3D""> <div class=3D""> <blockquote type=3D"cite" class=3D""> <div class=3D"">On Jun 12, 2015, at 6:31 AM, Berman, Mark <<a href=3D"ma= ilto:mberman () siena edu" target=3D"_blank" class=3D"">mberman () siena edu</a>&= gt; wrote:</div> <br class=3D""> <div class=3D""> <div dir=3D"ltr" class=3D"">Rosella, <div class=3D""><br class=3D""> </div> <div class=3D"">I think the articles you are reading are from when CALEA wa= s first passed and interpretations had not been written. The commonly accep= ted reading of the law now is that it exempts "private networks" = and most higher ed institutions define themselves as private networks. There has been some "forgetting" about CALE= A in recent years and I've read postings on this list about colleges who al= low open access to their networks; my take is that if you run some kind of = Network Access Control (NAC) and only allow full access to people with accounts in your system, along with guest acces= s where people register their names and reasons for being on campus, then y= ou can in good faith define yourself as "private" and exempt from= CALEA. I remember the ALA (libraries) issuing a legal opinion that libraries were exempt for other reasons and that opin= ion is available on the Educause site here: <a href=3D"http://www.educ= ause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations" = target=3D"_blank" class=3D"">http://www.educause.edu/library/resources/libr= aries-are-exempt-calea-wiretap-obligations</a></div> <div class=3D""><br class=3D""> </div> <div class=3D"">Bottom line, it's a lot easier to declare yourself exempt t= han to spend money on hardware to try and comply. As far as I know this has= never been litigated and until it is and a judge says I'm wrong, I'll stan= d on that opinion.</div> <div class=3D""><br class=3D""> </div> <div class=3D""> - Mark <div dir=3D"ltr" class=3D""> <div style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">--</d= iv> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">Mark= Berman, Chief Information Officer</span><br style=3D"font-family:arial,san= s-serif;font-size:13px" class=3D""> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">Sien= a College</span><br style=3D"font-family:arial,sans-serif;font-size:13px" c= lass=3D""> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">515 = Loudon Road</span><br style=3D"font-family:arial,sans-serif;font-size:13px"= class=3D""> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D"">Loud= onville, NY 12211</span><br style=3D"font-family:arial,sans-serif;fon= t-size:13px" class=3D""> <a value=3D"+15187826957" style=3D"font-family:arial,sans-serif;font-si= ze:13px" class=3D"">(518)782-6957</a><span style=3D"font-family:arial,sans-= serif;font-size:13px" class=3D"">, Fax: </span><a value=3D"+= 15187832590" style=3D"font-family:arial,sans-serif;font-size:13px" class=3D= "">(518)783-2590</a><br style=3D"font-family:arial,sans-serif;font-size:13p= x" class=3D""> <i style=3D"font-family:arial,sans-serif;font-size:13px" class=3D""><font s= ize=3D"1" class=3D""><b class=3D""><font color=3D"#006600" class=3D"">Siena= College is a learning community advancing the ideals of a liberal arts edu= cation, rooted in its identity as a Franciscan and Catholic institution.</font><br class=3D""> </b></font></i><br style=3D"font-family:arial,sans-serif;font-size:13px" cl= ass=3D""> <span style=3D"font-family:arial,sans-serif;font-size:13px" class=3D""><fon= t size=3D"1" class=3D""><i class=3D"">CONFIDENTIALITY NOTICE: This e-mail, = including any attachments, is for the sole use of the intended recipient(s)= and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is = prohibited. If you received this e-mail and are not the intended recipient,= please inform the sender by e-mail reply and destroy all copies of the ori= ginal message.</i></font></span><br class=3D""> </div> </div> <div class=3D""><br class=3D""> <div class=3D"">On 6-11-15, <span style=3D"font-family:monospace;font-= size:14px" class=3D"">Rossella Mariotti-Jones Wrote:</span></div> <blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-= left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p= adding-left:1ex"> <span style=3D"font-family:Times;font-size:inherit" class=3D"">Hello all, I= found the following FAQ on Educause and I have some questions about how th= e compliance technically works. At some point in the past when we were figu= ring out how to comply, someone suggested that as long as we can supply a span port on various key pieces of equipme= nt we could be ok because the Feds will come in with their own boxes. Is th= is at all close to what happens in reality? and if not, what is the college= required to provide?<br class=3D""> </span>TIA.<br class=3D""> <a href=3D"http://www.educause.edu/focus-areas-and-initiatives/policy-and-s= ecurity/educause-policy/issues-and-positions/networking-and-telecommunicati= ons/tfaq" target=3D"_blank" class=3D"">http://www.educause.edu/focus-areas-= and-initiatives/policy-and-security/educause-policy/issues-and-positions/ne= tworking-and-telecommunications/tfaq</a><br class=3D""> rossella mariotti-jones | network analyst | information technology | chemek= eta community college | p: <a href=3D"tel:503-589-7775" value=3D"+15035897775" target=3D"_blank" c= lass=3D"">503-589-7775</a> | e: <a href=3D"https://mail.google.com/mai= l/?view=3Dcm&fs=3D1&tf=3D1&to=3Drmariott () chemeketa edu" target= =3D"_blank" class=3D"">rmariott () chemeketa edu</a></blockquote> </div> </div> </div> </blockquote> </div> <br class=3D""> </div> </div> </blockquote> </div> </div> </blockquote> </div> <br class=3D""> </div> </body> </html> --_000_4588684A905E4DB8865392F035B6551Fcornelledu_-- ------------------------------ End of SECURITY Digest - 12 Jun 2015 to 13 Jun 2015 (#2015-110) ***************************************************************
Current thread:
- Re: SECURITY Digest - 12 Jun 2015 to 13 Jun 2015 (#2015-110) Conlee, Keith (Jul 23)