Re: [External] Re: [SECURITY] Access to Porn sites?

[Thomas Dugas <dugast () DUQ EDU>]

Hello all Duquesne University blocked adult sight for all of our Administrative networks. We left our student wireless 
alone for the time being. Interesting enough the reason we did was because of Title IX concerns. Of course we haven’t 
heard one complaint, but as a Catholic institution I don’t think they really want to try to make their argument to our 
administration.

We may look at student’s wireless devices at some point in the future but we do block our lab computers. We haven’t 
thought about blocking proxy/vpn services but think that’s well worth looking into.

Tom Dugas, AVP/CISO
Duquesne University CTS

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of David Eilken
Sent: Thursday, August 15, 2019 1:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] Re: [SECURITY] Access to Porn sites?

Thanks all for responses on this. Regarding the larger topic of Academic Freedom, which doesn't make the Internet open 
and fully accessible.  We all (users of technology) have to block things - lots of things. As technology professionals, 
we all know this. It is simply not practical or ethical to have a fully open computing environment.  Boundaries are a 
necessity; besides your ISP would shut you down at some point.

I like Randy at VA Tech's thoughts that were focused on the technical controls. Regardless of the content, there are 
things that are known bad. We all should be blocking bad things. However we determine what is bad (different vendors 
have different kinds/ quality of intelligence), there will always be false-positives. We still have to draw lines in 
the sand and those lines will never be perfect.

Sometimes faculty and other non-technical people may get this confused. We all already block/ filter bad things, some 
porn/gambling sites will cross that line and should be filtered. If you can't draw your lines as clear as some, with 
the intelligence sources as Randy noted, it comes down to your level of risk tolerance. The risks with porn surfing 
specifically change daily but generally, we know it to be bad. I personally believe you should block it and provide 
exceptions where needed. That is a prudent and practical approach, as the risks are real and significant, and the 
actual permitted use cases for access to it are few.

Dave E


On Thu, Aug 15, 2019 at 8:57 AM Valdis Klētnieks <valdis.kletnieks () vt edu<mailto:valdis.kletnieks () vt edu>> wrote:
On Thu, 15 Aug 2019 07:13:39 -0700, Babak Oskouian said:

> Another concern is 18 U.S. Code  2258A.  As you know 18 U.S. Code  2258A
> explicitly requires all Internet providers to report any and all digital
> viewing, downloading and possession of child pornography to the National
> Center for Missing and Exploited Children. Very stiff penalties ($150,000
> first incidence, and $300,000 second incidence) are imposed on any provider
> for failure to report.  Do you think (or has your legal counsel explicitly
> assured you) that your institute is exempt form this law?

This is well into very tricky legal territory indeed, because it's a field
where writing the laws to avoid unintended consequences is very difficult.
18 USC 2258A only requires reporting child pornography that you're aware of.
If you don't know about it, you don't have to report it.  This means that the ISP
is better off not searching user datastreams for it, especially in combination
with...

Meanwhile, at the state level, possession of child pornography is usually a
'strict liability' offense, meaning there's no mens rea (state of mind)
component to it. This means that if a user accidentally downloads some CP
because it was labeled "Pirated Copy Of This Year's Top Movie.mp4", they have
an *extremely high* DIS-incentive to report it, because they now have child
pornography on their computer.  And since consideration of intent is
prohibited, that means that the fact you had no intent doesn't matter - you
downloaded it, you have it (or had it) on your computer and that alone is
sufficient to make you guilty of possession yourself.

Who is going to report accidentally discovered child pornography when you
have to take it on faith that the police and district attorney are going to believe
that it's accidental? (See other post regarding porn sites that don't do their
due diligence regarding 18 USC 2257 record keeping....)

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdugast%40DUQ.EDU%7Ceb8556b707f94d5ae66008d721a70d9d%7C12c44311cf844e4195c38df690b1eb61%7C0%7C0%7C637014873679803302&sdata=awSJddXbSwbMxKNW8wJd9g0o6MJTFcedP75wGZ65VQI%3D&reserved=0>


--
[Maricopa Community College District Office logo]
DAVID EILKEN MA MBA CISSP-ISSMP CISM CRISC C|CISO
MARICOPA COMMUNITY COLLEGES
Information Security Officer | ITS
2411 West 14th Street, Tempe, AZ 85281
david.eilken () domail maricopa edu<mailto:david.eilken () domail maricopa edu>
https://www.maricopa.edu/<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.maricopa.edu%2F&data=02%7C01%7Cdugast%40DUQ.EDU%7Ceb8556b707f94d5ae66008d721a70d9d%7C12c44311cf844e4195c38df690b1eb61%7C0%7C0%7C637014873679808294&sdata=O9cCsA54oDY9Ukm8DrgBjojL7jtYJownEDcBldJZpS4%3D&reserved=0>
O: 480-784-0637
LinkedIn 
<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flinkedin.com%2Fschool%2Fmaricopa-community-colleges&data=02%7C01%7Cdugast%40DUQ.EDU%7Ceb8556b707f94d5ae66008d721a70d9d%7C12c44311cf844e4195c38df690b1eb61%7C0%7C0%7C637014873679813295&sdata=HkKxItUkQzlBVsvmlS1IL0WnUoaHHPkX%2FWZDpmkfbT8%3D&reserved=0>
 | Twitter 
<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fmcccd&data=02%7C01%7Cdugast%40DUQ.EDU%7Ceb8556b707f94d5ae66008d721a70d9d%7C12c44311cf844e4195c38df690b1eb61%7C0%7C0%7C637014873679818275&sdata=DyB5%2FRew41zDArqXTMQhNHIbf%2FXbWQpkC4Gxw0CC3v0%3D&reserved=0>
 | 
Facebook<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fmaricopa.edu&data=02%7C01%7Cdugast%40DUQ.EDU%7Ceb8556b707f94d5ae66008d721a70d9d%7C12c44311cf844e4195c38df690b1eb61%7C0%7C0%7C637014873679823266&sdata=u%2Bm5Kdt2q5jXqvm2sK%2BE%2BIVK7CoHJ6TTRktBdjJJQGE%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdugast%40DUQ.EDU%7Ceb8556b707f94d5ae66008d721a70d9d%7C12c44311cf844e4195c38df690b1eb61%7C0%7C0%7C637014873679823266&sdata=KM32Gf13rTLzP5pKaIuN3CdjLpQ6KzZ%2FY40YkTWFfWw%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community