Internet Usage Records Accessible Under FOI Laws 171
The records in question are log files created by the schools' proxy servers of what URLs are accessed by the student body. The school district in question isn't censoring Internet access with any sort of censorware product (they use teachers to monitor what students are accessing), and the parent would like to prove that the students are accessing porn sites. I do not believe it is an invasion of privacy to access these records; if there was an invasion of privacy, it occurred when the school district collected the records on their students, not when someone else requested to see them.
Some comments of mine that didn't make it into the Times article: I hope that this situation casts some light on Internet usage at public facilities. Many, many Internet services are set up to create detailed log files by default -- proxy servers, Web servers, various login mechanisms and authentication mechanisms, etc. These records are being collected, and they are just lying around on machines or tape backups here and there, and they are, if the entity that collected them is a public entity, public records accessible under FOI laws. If you want to prove that your local school/library shouldn't be censoring the Internet, request the records. (I'll help! E-mail me.) If you want to prove that your local school/library should be censoring the Internet, well, I won't help, but I still support your right to get access to public files.
And while this situation is about records collected by public entities, the same records are routinely collected by private entities as well. Is your Web access going through a proxy server at your ISP? (The answer is more likely to be "yes" than "no," by the way -- a proxy can be installed that is transparent to the end-user.) Then your ISP is collecting detailed records of every single URL you access through their service. How long are these records being retained? Who is the ISP selling them to? Do you know?
Go private (Score:1)
You might want to ask about (Score:1)
No Big Deal (Score:1)
Re:Is this really an invasion... (Score:1)
although you can trace access back to a terminal, you cannot reliably trace it to a user. In other words, it can be found that someone accessed www.1337pr0n.com at such-and-such time, but it cannot find who that was.
Depends. I'm assuming this is a Windows network - if people are logged in, the proxy server is almost certainly recording exactly who accesses www.1337pr0n.com. This is what you'd expect in a workplace where everyone has user accounts, obviously not what you'd expect in a library, where all the terminals will surely just be logged in as guest accounts. A school? Could be set up either way..
However, if you peruse the article in question, it makes reference to "the cost of redacting the names". Which certainly implies that (a) the logs do have the names of those who were accessing http://goatse.cx and (b) those names aren't going to be revealed.
Re:Please help (Score:1)
Well duh, you've got little x-es where there should be numbers, you dummy! :)
Rev. Dr. Xenophon Fenderson, the Carbon(d)ated, KSC, DEATH, SubGenius, mhm21x16
Judge with a clue? (Score:1)
If I read the Newsbytes article correctly, it sure sounds like the judge had a clue when it comes to technology (e.g. the bit about not having to print out 80,000 pages of logs, merely burn them to CD). Maybe all hope is not yet lost!
Rev. Dr. Xenophon Fenderson, the Carbon(d)ated, KSC, DEATH, SubGenius, mhm21x16
Re:As a parent (Score:1)
The core issue here... (Score:1)
"Knight, a master plumber [nytimes.com] whose four children had attended schools...
OK: the guy doesn't even *have* kids in the public schools now: he's already swept them off into a safe little nook where they are controlled in every thought and act.
And *don't* start with "...but he's paying taxes that support the public schools.." -- his share of the total school district budget is miniscule at best. His share is probably neither substantially larger nor smaller than anyone else's..
All of us are members of the entire society we live in, and a lot of people need to grow up and accept the fact that society at large may by necessity support transactions that we personally don't think much of...
Aha! This is what this is *really* all about: the guy has his own narrow little prejudices, and he's goddamed if he's going to let anybody else look at what he doesn't like.
What's inappropriate? Sites about meat-based diets? Sites about Amnesty International? Sites about AIDS information? Sites about anime? This is *one guy* -- he's got his kids sealed off from what *he* doesn't like, but now he's going to censor what anybody else can look at? And don't doubt for one moment that this is exactly where this is going...
The core problem here is that far too many people have the world-view of a three year-old: "I am the center of the entire universe, and *all* shall bow before my wishes".
The atomization of American culture by the widely-held belief that any single individual can mold collective behavior into his or her own narrow tastes is the serious threat here, not the fact that school district web logs are suddenly public information.
t_t_b
--
I think not; therefore I ain't®
The school board shoulders the blame (Score:1)
The school board on the surface did the right thing by trying to prevent the disclosure of these records. They screwed up massively on two counts though. They made the logs in the first place and if they were required to log them then they should've only been logged as bulk statistics.
The judge seems to have acted in accordance with the states right to know policy unfortunately. The failure in this case solely rests on the school board: They enabled the disclosure of data under the Right to Know Policy by taking the data.
Maybe I'm unclued but.... (Score:1)
Vermifax
Re:Why is this under 'privacy'? (Score:1)
Then why was it that when I worked in a public library, there were signs all over the place reminding us that the privacy of circulation records was protected by law?
If there's no way to identify the student who accesed a particular site, then I don't have much objection. But Schneier's "Secrets and Lies," for example, discusses tricks people use to extract particular data from statistical queries. Do you know that a particular student usually sits in front of a particular workstation (and hence IP address) 6th period? Should his family know that he's looking at www.am-i-gay.com or www.dad-touches-me-where-he-shouldnt.com?
Re:Requesting info (Score:1)
And if they tell you they do it before hand, and you sign a paper that acknowledges that admission, who's to blame when they find you at www.a-triple-x-site.com, and discipline you for it?
Re:Is this really an invasion... (Score:1)
But my point was that tracking traffic per user is doable, easily.
Re:Is this really an invasion... (Score:1)
Since its a school with not only a internet connection, but one with a proxy server (demonstrating its a large network, not just a PC with a modem), we can assume there somewhat technicaly clued. There probably running Netware >4, so they have NDS. And there probably running either BorderManager, or one of the OEM proxy apps thats based on Novels code. Which are all aware. And can all do access control based on usernames, and/or workstation.
Since the proxy server is doing ACLs on usernames (even if its allow everyone everything) it cleary knows who its sending data too.
Should it be logged? As a sysadmin I say: log everything.
Should the logs be accessable to say the school administration? Should they be accessable to just anyone? Harder questions. School Admins: sometimes, probably.
IT sicken's me (Score:1)
You bitch when work reads your email and watches what you do on their computers.
Solution? DONT USE THEIR EQUIPMENT/COMPUTERS!
The laws clearly state that the owner of the equipment can monitor it's use, until that law is changed (really fat chance on that happening!) noone should be suprised, or expect any less.
Hell, most companies have phone monitors cacheing incoming and outgoing phone numbers dialed, and from what extension! We caught a moron making 1-900 calls from his cube, and fired his butt with it!. (Ohhh I violated his privacy!!! boo-hoo. Kisss my white american butt.) If they watch you at home, then that's wrong. But anyone can watch you in public.... that's an american right!
The school did things right, and the parent is right in saying he/she has the right to look at it. NOW: if anything comes of it, "I.E. Look a porn site URL!!!!" it had better come from a IS professional's mouth. Most parents havent a clue on how cacheing logs work, or how the internet works... www.goatse.cx might be serving banner ads along with the sicko crap that is there... (I assume... from reading what others write about it.)
Moral of the story? If you dont want to be watched, dont go outside. If you cant handle that, seek therapy.
Re:Why is this under 'privacy'? (Score:1)
I dont care what country you live in, the GOVT will monitor you if they desire, and they will do it without warning... ("knock,knock... Hello? Yes, sir, I'm from the government and I'll be monitoring you this evening... is there any times you wish that I not be peeking in your windows?")
Given Germany's history, and the close ties to the US govt... they probably have a really nice profile on every citizen that is living there.
Dig for the truth, dont accept what they tell you.
Re:sounds like a marketers dream (Score:1)
duh! just don't save the logs (Score:1)
Re:the good, the bad and the ugly (Score:1)
This ruling says the general public may view those logs. While there is the freedom of information, there is the right to privacy.
Just like many things we use are monitored, there are laws to protect us from an invasion of privacy.
Some interesting propositions... (Score:1)
Are Internet transactions the equivalent of a telephone call? Therefor, the same rules of privacy apply as a telephone call and conversation?
Or is an Internet transaction like a borrowing a book from the library? Even though, the borrowing and returning is instant. So the record of transactions follow the same provacy rules as to what you checked out at your school library.
What if it wasn't a member of the public asking for the information, but a teacher. Teachers have some special privacy privledges equivalent of a parent of students.
Does this ruling apply to any publicly funded entity: Library or even better the Internet transactions logs of our "friends" in Congress or State/Local Government. (I think there was a ruling already on the gov't one)
Re:Why is this under 'privacy'? (Score:1)
Amen. I'm on camera upwards of 30 times a day...
You want cameras? I got your freakin' cameras. [georgia-navigator.com]
--Xantho
Re:This is not about the FOI act. (Score:1)
Re:Is this really an invasion... (Score:1)
Re:This is not about the FOI act. (Score:1)
Sneaky git (Score:2)
He could have just asked!
Re:Why is this under 'privacy'? (Score:2)
Wasn't Fatboy Slim's album artwork "You've Come A Long Way Baby" changed in the US because they couldn't locate the person used in the original album artwork?
...j
Re:As a parent (Score:2)
Re:As a parent (Score:2)
age of majority, and is capable of supporting
herself, then and only then can she expect that
level or privacy. At that point, it will become
her house, her rules.
To put it another way: them's that pays the piper
calls the tune. When you can pay your own way
in the world, that's when you start realizing
freedom.
I'd disagree. The daughter is not capable of supporting herself simply because she is a child. It is not her fault that her father must support her - it is entirely her father's responsibility for having a child, and he must accept that responsibility. Since, supporting the child is a responsibility that comes with having that child, it does not entail any additional rights for the parents - they are not justified in violating their daughter's privacy simply because she does not pay for her own house.
Re:Why is this under 'privacy'? (Score:2)
It did not specifically become a basic right. But since I started this by reporting on the German view on things, I may continue to quote German law. The basic rights of German citizens are written down in the Grundgesetz [bundestag.de]. The first section of that law is about basic rights, and is specifically protected against alteration - yes, we actually did learn something from the past. Freedom of expression in Germany also includes unhindered access to public information sources [bundestag.de]:
Jeder hat das Recht, seine Meinung in Wort, Schrift und Bild frei zu äußern und zu verbreiten und sich aus allgemein zugänglichen Quellen ungehindert zu unterrichten.
translated: Everybody has the right to express his or her opinion freely in word, text or images and to inform himself or herself from publicly available sources.
Given the fact that the internet has become a major information source in Germany, publicly accessible information terminals are being installed in public libraries specifically for the purpose of serving article 5, section 1 of the Grundgesetz. They provide the Grundversorgung (basic service). Basic service is seen as necessary in order to make information available to all citizens so that they can exercise his or her citizens rights and make informed choices in elections and participiate in political life.
German Grundgesetz also defines the legal framework from which the derived basic right of Informationelle Selbstbestimmung (informational self-determination? Someone help me translate that) emerged during the 1974 (I believe) great census. The census rule said that citizen rights include the right to be left alone, and defined how intrusive the state can get and what can or can't be done with the data collected by the state. The census rule ultimately forced German legislature to create a privacy protection act and later led to the creation of a common European privacy framework.
This is very different from the US approach, where there is no such general privicacy protection act and framework, but only a collection of case law, some specific laws and a general reliance on self-regulation within the industry.
© Copyright 2000 Kristian Köhntopp [slashdot.org]
Re:But where does it end? (Score:2)
As for maintaining logs, it's become quite evident that having old logs can both harm you as well as help you in court cases. It's probably in the school's best interest to hold on to these logs, especially since the school is accountable to the public in that system.
Interesting case (Score:2)
I think it may be time to write a few letters, any other NH residents here to join me in that?
The Cure of the ills of Democracy is more Democracy.
Re:What about library records (Score:2)
The Cure of the ills of Democracy is more Democracy.
True, however... (Score:2)
And also, don't forget that logs can be tampered with, if someone has the know-how. Chances are there's at least one person like that in every school, and there's no way to tell who that is short of catching them in the act.
----------
What about library records (Score:2)
Are all public institution records fair game? (except ones relating to national security)
-ec
That may be comforting in theory (Score:2)
You see this is great myth of the Right. That you personally need to give your detailed and instant approval to anything no matter how small the detail in order for the government to be legitimate. The fact is, you're a citizen a part of community and there are going to be things that you personally don't agree with. For anything else to be the case is an excuse for tyranny. I mean logically your taxes dollars went in part to subsidize the last election campaign of someone you probably loathe, fear & detest. Do you want to use the excuse that your tax dollar logically entitles you to ensconce one political party over all others? You have to know that that is not what the Founding Fathers had in mind when they designed the Democratic process. Specifically the intent was not to use the majority to supress all other beliefs. You may argue with that and carp about majority this majority that, to the victor go the spoils and so on but that would be a misreading of the Constitution.
Now to go back to the original question. Yes, you are right when you were going to say that privacy is not guaranteed by the Constitution. Fair enough. I'll give you that when you open your life to any inquiry if you have ever received money that is not a refund of your own payment from any government agency, ever. After all my tax dollars went in part to that benefit you received. I want a complete accounting of what you did with it. That includes any good or service which in any way had any government subsidy or tax credit applied to it at any stage of the process. So for example if you receive a child care tax credit that should entitle me to examine exactly and in excruciating detail what you did with and how you rear your children.
No not really - first principals first (Score:2)
there is no reason to have privacy in a school. (Score:2)
If you are in a school setting, using school computers, under no circumstances should you have any privacy. You are in school to get an education not to stare at porn. Yes, all kids in schools are curious, wonderful, do it at home. Porn has no place in schools especially when you should be doing something constructive.
As far as watching what someone is doing while they are on the Internet (snooping telnet sessions, etc) I used SSH, so it didn't much bother me but I feel that if you want to protect your privacy do it at home. School is for learning, not for porn.
partners link (no login required) (Score:2)
Damn straigh! In Canada, he'd have been sent to .. (Score:2)
The person had to have a subpenae to requests records on a specific individual. You can't just request data like that and use coercive force to obtain it.
Tell the guy to do his own marketing research.
Re:Requesting info (Score:2)
Re:sounds like a marketers dream (Score:2)
That is a brilliant idea.
This means that actually you can make money off your kidz going to college instead of them eating all your money. Good point, wouldn't have thought of this one myself.
Re:Why is this under 'privacy'? (Score:2)
Keeping logs is not an invasion of privacy (Score:2)
Keeping logs of what's happening isn't by itself an invasion of privacy. Also, it might be requested at a later time that logs be turned in by law enforcement agencies with a court order. The invasion of privacy is in using those logs for whatever reason, and acting because of discoveries from the logs even moreso.
Re:the good, the bad and the ugly (Score:2)
Internet Proxy (Score:2)
I've heard stories from the person that I know who says that he knows someone who went into the Library at the school, turned off Fortress (the software used to lock down the computer systems)_ and that turned of bess-proxy so he was able to get around to other sites that the school woudl have liked him to not get around to.
Something like, the password for the Library computres was library. If the school really doesn't want kids getting into stuff, then why not make the passwords harder? I know where I went to college a while ago, and had access to some system administration things, the passwords were very eays. Why do school's not choose harder passwords? Do they not care about security?
Re:Doesn't sound right to me (Score:2)
Log of the whitehouse (Score:2)
If the time spent at such sites is logged as well, then a significant case for wasted tax money can be made.
There will likely be some interesting fall out from this...
LetterRip
Tom M.
TomM@pentstar.com
Re:That may be comforting in theory (Score:2)
The original post implied that since his kids did not attend public school, that there was no legitimate reason for him to be interested in this information.
Wow, I can't believe that entire novella you wrote was due entirely to this simple misunderstanding!
Re:But where is the legal interest (Score:2)
Secondly, even if you were correct, I would say that the fact that he is required to pay property taxes to support that school (which he must do even if his own children don't attend that school!) gives him all the direct interest he needs.
Re:IHLF (Score:2)
What about other public institutions? (Score:2)
Re:Why is this under 'privacy'? (Score:2)
yes, you do have a right to privacy, even in public. If I go to a public toilet, I do not expect to be monitored, let alone photographed.
I am not required to identify myself, no matter who asks. And I can do just about anything in public space, as long as I dont violate any other laws (groupsex in yankee stadium would probably be public obscenity..)
And if you take a picture of me reading some mag on a streetcorner (which is not news) I can forbid you from publishing the photo.
Granted, the rights to privacy in full public view are less.. but you still have privacy.
//rdj
Re:Why is this under 'privacy'? (Score:2)
In response to this threat against the privacy of members of the university community, the university no longer keeps backups of email for more than a couple of weeks.
So, one approach to the possibility of such a request is simply to systematically delete possible offending information as a matter of policy.
At the end of (G. H. W.) Bush's presidency many of the whitehouse hard drives were erased, presumably to prevent information from getting into the wrong hands (arguably for good or bad reasons). The shame is that it is conceivable that such information could be useful to future scholars, and won't be available.
I dunno, this seems different (Score:2)
If these had any sort of log of who went where, then yes I would agree that this MIGHT be a privacy issue, but I doubt that they even have a good way of getting that information if they wanted.
Re:Internet Proxy (Score:2)
Why do the U.S. houses have no high fences with electrified barbed wire ? Why doesn't everybody wears a bullet proof vest and a gun ? It's called trust. And U.S. ppl just have too much of this stuff
--
Re:sounds like a marketers dream (Score:2)
It would be trivial to circumvent this of course.. If anyone parent worked for such an organization, they could easily demand the records.
-Michael
Re:Why is this under 'privacy'? Because it IS priv (Score:2)
No, this is a completely different issue. Since people keep insisting on using library records as an example, I'll at least give a correct example. This ruling is equivalent to requiring a library to make public a list of how many times each book has been checked out. It does NOT require, or even permit telling who checked out what books.
As a matter of course libraries do maintain and use a list of which books have and have not been checked out. This is part of the information they use when deciding what new books to buy ("Oh, I see that the books in our computer programming get checked out frequently. We should buy more of those.") and which books to sell at their used book sales ("Hrm. The 1984 edition of the Kelly Blue Book hasn't been checked out for 15 years. We should sell it.").
It is not only the right but also the responsibility of the citizens to ensure that they have proper access to public records. The citizens also have the right and responsibility to ensure that equipment purchased with public funds is being used for its proper purpose. One way of doing this is to enumerate the webpages that are accessed by computers/internet connections purchased at considerable expense with public funds.
_____________
Public Schools Are Child Abuse (Score:2)
" in loco parentis" [columbia.edu] is the legal doctrine that the school has the responsibilities and privileges of a parent while the student is located in their educational facility. Since the tradition of corporeal discipline is more severe than merely inhibiting a child's supposed "right to privacy" it seems any taxpayer who is concerned about how his money is being spent is compelled to investigate how the public school system is running things.
The real problem is the misguided notion that there are universal standards of childrearing that can be applied across all children without damaging significant minorities of the children. For example, the fact that "spare the rod and spoil the child" is unnecessary for some parents is insufficient to support the presumption of government officials that it is unnecessary for all parents, and that therefore application of state force should remove it not only from the public schools but from the private relationships between parents and their children. Interesting that these same governments can later subject a young man, who has grown up without a strong guiding hand, to a prison system where he is likely to be subjected to all manner of physical abuse, including routine sexual sadism and lethal infections which government officials absolve themselves of responsibility for by blaming it on the behavior of prisoners themselves. 1% of the US population is now in such prisons -- more than any other Western country. How can a government with such a record of abuse of those under its authority dare to interfere in the parenting practices of its citizens?
Application of force to protect children from this fate is more justifiable than is the application of state force to impose univeral rules of child-rearing.
the good, the bad and the ugly (Score:2)
This places a huge administrative burden on public institutions, in NH at least, that monitor individuals' online activities. If they have any sense they'll stop snooping. This is much better than the records being available to the bureaucrats but not to anyone else.
Bad news:
It also places a huge administrative burden on any public institution keeping non-personal logs to manage and secure its network. Libraries etc. may be forced to hire private contractors (who presumably are not affected by this ruling) to run their networks.
Ugly news:
To redact names and other personal information submitted over the web, the staff will have to pore over records which would normally be private. And it's hard to decide whether a piece of information is personal or not: for example, the nickname someone uses on Slashdot may or may not also be their nickname at school. On the other hand, the article suggests that the district will be forced to hand over the entire logs, redacting only the internal usernames and passwords.
I suggest the solution is to rewrite the usage policy to say that communication may be monitored, but only to collect statistical information and to investigate known problems and abuse. That ought to give students the privacy they deserve, and free the district from its onerous obligations.
Bess Proxy logs request letter using FOIA (Score:2)
---
Freedom of Information Officer
Network Services
Clark County School District
2832 E Flamingo Rd.
Las Vegas, NV 89121
Re: Freedom of Information Act Request
Dear officer:
Under the Freedom of Information Act (5 U.S.C. 552) I would like to request the following materials from the Clark County School District (CCSD):
1) All documentation regarding the implementation of the Bess web proxy system provided to CCSD by N2H2. Including proxy configuration, network topology after installation, and the reasons for the Bess installation.
2) All access logs that are recorded by the Bess proxy filter. These logs should be provided in digital form, compressed using either ZIP or gzip compression algorithms.
3) Documentation regarding the effectiveness of Bess at blocking Internet sites deemed inappropriate for minors and sites that have been mis-categorized by Bess.
I am aware that I am entitled to make this request under the Freedom of Information Act, and if your agency response is not satisfactory, I am prepared to make an administrative appeal. Please indicate to me the name of the official to whom such an appeal should be addressed.
If my request is denied, I am entitled to know the reasons for denial.
I am aware that while the law allows your agency to withhold specified categories of exempted information, you are required by law to release any segregable portions that are left after the exempted material has been deleted from the data I am seeking.
I also request a waiver of all fees for this request. Disclosure of the requested information to me is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government, and is not in my commercial interest. I am classified as noncommercial news media under the Freedom of Information Act.
Sincerely,
[my name / contact information]
Re:Keeping logs is not an invasion of privacy (Score:2)
So to prevent yourself from enabling an invasion of privacy, the best solution would be to keep barebones, informational logs (such as network use statistics).
Re:Why is this under 'privacy'? (Score:2)
Uh ? TYhe question is why is the library keeping the logs ? If I walk on the street, for instance, I don't expect a camera somewhere spying everything I do, and then giving that information to anyone. So, yes, this is, IMHO, a privacy issue.
Cheers,
--fred
Re:Why is this under 'privacy'? (Score:2)
This is because we don't live in the same country. In france, AFAIK, this won't be admissible by a court (which is, I beleive, a good thing).
Btw, by saying "I don't expect", I wanted to imply that, while I know there are a lot of camera out there, the chances that I am recorded, that the videtapes are released, and that the information is used is rather slim.
More precisely, I don't fear the public camera because there are not much of them (relatively. I mean that I can resonably expect not beeing tracked every second), because the information is hard to extract, and because the information is hardly avalaible.
My english is f*cked, the keyword in the original sentence was 'a camera somewhere spying *everything* I do'. When surfing on the web, the logs contains *everything*. This is scary. If the real-world cameras were spying *everything* I do, then it would be a huge privacy issue...
Cheers,
--fred
I'd like to see the administrations logs... (Score:2)
Re:As a parent (Score:2)
Your policy should be to delete! (Score:2)
We were advised by our attorney not to save anything, and that policy worked. After 48 hours, logs were purged, after summary information was collected.
We'd occasionaly get inquiries from the FBI tracking down a case of Internet stalking or child pornography, etc, and we'd just tell them that our our logs get deleted after 48 hours. We'd follow this up with the page copied from our procedure manual.
This satisfied them, and they didn't ask us to change this policy.
There's no good reason to save internet logs for years. It can only hurt you, and never help you. THROW THEM AWAY, folks!
Collective vs. Individual (Score:2)
I think it's similar to some ISPs' policy of not carrying alt.binaries.* on their news servers. If students are killing the lines downloading MP3s, and others are not able to use thomas.loc.gov or the like, then fine. It's not the collection or analysis of data which is a problem, it's how it's acted upon.
-Nev
Re:Internet Proxy (Score:2)
You've stumbled upon the weakest link in the security chain. Doesn't matter how clever the algorithm is, the basic problem is that people are stupid. They simply do not want to memorize passwords, nor invest any effort in creating good ones. Passwords are often one or more of:
- ridiculously obvious
- used extensively (so if you know one, you
know them all)
- reused forever
- written down
- based on an obvious algorithm
Of course part of the problem is the solution: cryptic passwords or requiring frequent changes tends to cause people to write them down or use an obvious algorithm since they then have trouble remembering them. Shared passwords have the added problem of having to re-share each time it changes, and the difficulty in trying to communicate uncommon strings (which tends to result in them being written down).And no, this is not a "trust" issue. People have a similar lackluster security attitude with respect to their bank/credit card PIN numbers, their housekeys, etc.
As a parent (Score:2)
Re:As a parent (Score:2)
That's fine, but you don't have a right to know what my kid is doing on a public computer. Just like if you suspect my kid is doing drugs, I'd better not catch you in my house going through their drawers.
You need to read the article (Score:2)
While I don't agree with releasing this type of information individually or collated, this quote from the article at least goes part of the way. It implies that the court believes individual privacy (such as asking for someone's specific records) is a separate matter.
In short, the father wasn't asking to see anyone's specific access records and he didn't need to. Going by the documented judge's finding, this probably worked in his favour.
===
Hey, don't forget: (Score:2)
Re:Doesn't sound right to me (Score:2)
Re:This is not about the FOI act. (Score:2)
Silver lining (Score:2)
--
Several issues here, but ruling is IMO right (Score:3)
Also note that the judge specifically balanced the privacy of the students *AND* faculty vs the state's right to know law, and said that a program can be used to strip out all identifible information: the guy is only going to get a list of sites that were visited by the school system, so privacy *is* protected. If he wanted to go one step farther and find out who visited whitehouse.com, for example, he would then probably have another court battle to face, and given the expressed interest of the privacy of the students *AND* faculty, he probably wouldn't get it. In any case, all this guy wants is evidence that children visited explicit sites such that he can fight for mandatory filtering.
This is a PUBLIC institution, and therefore was not exempt from the public right-to-know law. Some here appear to be worried that it will extend to ISPs and whatnot. But those are for the most part private institutions, and therefore do not have to respond to public requests like this. The only way such log files will be revealed to third parties is if they are subpena'd.
Some are trying to compare a real world example, and the best way to think of this result is that if I wanted information from a public library on it's lending records, all I can expect as a public citizen is a list of books and how many times they were checked out. I would not expect to be able to trace back who borrowed a specific book without further legal action.
This does create an instresting situation for those in public colleges however. Yes, I would expect that a similar challenge on log files will give a similar result (only getting the list of sites, not names and such), but this is college, and I would expect to see a more diverse list. May be something to watch for.
And there is a good point on pg 2 of the Times version: if this decision is held throughout it challenge, then groups like Peacefire can easily get infomation on real-world lists of sites that were blocked if filters become mandated, and thus fight for removing such filters or emphasizing more public input into better filters.
Re:That's where it starts... (Score:3)
Re:But where is the legal interest (Score:3)
Is this really an invasion... (Score:3)
Mind you, I don't want this kind of thing getting into the hands of bookburners, as would be the case here. But I'm not sure there's anything illegal about his request.
----------
Re:IHLF (Score:3)
Lawyer in court: On this day, [insert date], you downloaded 150 pictures from www.kinkysex.com ...
A related story: Traffic cameras (Score:3)
DelDOT has traffic cameras [deldot.net] all over the state of Delaware. Once while checking out the traffic on I-95 I saw the camera zoomed in on an accident scene. I asked a friend in DelDOT if they recorded the video camera images. He said the absolutely DO NOT do this. One can't subpoena something that doesn't exist nor ever existed.
There's a lesson I learned from that.
What are your current backup tape retention policies? Do you just keep a few generations or do you stash long-term archival copies somewhere? If so, for what purpose? Will they come back to haunt you, your users, YOUR COMPANY, later?
The problem here is that seldom are there laws or regs saying stuff must be recorded, backed up, etc. But if they happen to have been, then they are open game for subpoenas and if applicable FOI requests.
Uhh, one other point! (Score:3)
These are just a few of the possible URLs. Also remember that POST and GET requests are logged too, so even if it doesn't show up in the URL, its still logged. It would not be hard at all to imagine someone collecting all of the records from around the country and doing a quick search to find where a particular "username" lives. Sure, not everyone is a student, but the internet is ATM mostly kids.
Me? I use an HTTPS proxy to encrypt everything I send, so I'm ok. But most students have no way of knowing such a thing exists, and recreational browsing at schools is a must in today's society.
Re:Why is this under 'privacy'? (Score:3)
"a record without revealing confidential information, such as an individual student's name, user name or password"
So, only the internet addresses (whether they be DNS or IP addresses) were given, not userids, passwords, or, most importantly, real names.
Unless, of course, the script produces also the client IP of each computer and the time of request, and the parent has some way/document of matching J. Random Student to J. Random Computer at a given time. Unless he has these three pieces of information, that information he received is not very useful in regards to tracking students.
If I were that school, this is how I would give him the data: I would give him a list of only each place the student, by IP address only. Thus, he would have a huge listing of:
143.23.145.165
135.204.65.1
208.123.5.143
etc, etc. It's that the bare minimum they have to comply? Or, even better, hex encode it, and give it to him as:
1A.0B.AA.F8
5B.CA.64.03
etc, etc. I mean, that is a completely valid method of writing IP addresses down.
I mean, true, now the school *has* to comply. Doesn't mean that they have to make it easy.
Cool! (Score:3)
I wonder... if it's mandated that schools and libraries use a censorware product, could you demand the list of sites the product bans under the same act?
Re:Why is this under 'privacy'? (Score:3)
If I walk on the street, for instance, I don't expect a camera somewhere spying everything I do, and then giving that information to anyone. So, yes, this is, IMHO, a privacy issue.
While you may not expect this, the law stated explicitly that in this case you have no legal expectation of privacy on a public street. Thus, if you are videotaped or audio recorded by police doing an illegal activity, it is admissable as evidence in court. This even extends to private property for public use (like a mall, or a restaurant). However, in your home, police must have a judge sign off on the taping for it to be admissable evidence.
IANAL
Intelligent decision making? (Score:3)
Call me foolish, but I am not as upset after reading about the ruling of the judge. By ruling that identifying information about users be removed from the logs before they are turned over, he's protecting personal privacy and obeying the FOI Act.
When this father's crusade is said and done, I belive he's going to find nothing that justifies his censorware. In fact, he's probably going to create another problem. He's going to find some consistant evening or early morning "dirty" surfing going on - there's going to be a scandal over which faculty member or administrator (or stupid sysadmin who forgot to remove that from the logs) visits the sites and the censorware will be forgotten or the shouts of "family values!"
Someone else will step forward with information about how screwed up filtering software is (not only ethically, but even under it's own standards, by blocking political or inocuous info). And maybe, just maybe, enough people will admit that they too, have surfed for porn, and that maybe this is all ridiculous.
I'm not pushing a transparency critique here, I'm just acknowledging that once some info escapes through a crack in the dam, it's only a matter of time before it breaks and intelligent and relevant decisions can be made.
Besides this is Vermont. We get this guy some Ben and Jerry's and we'll have no problem!
IHLF (Score:3)
Re:Internet Proxy (Score:3)
I think we are forgetting something (Score:3)
You could be able to find what students are searching for (because it is included in the URL of search engines), possible find out who the kids are (username for sites that send with URL), and intercept "private" messages that COULD be sent over the URL.
Has anyone heard whether or not the logs include the page they viewed?
Re:Why is this under 'privacy'? (Score:3)
I think that we're fighting the wrong fight here. If the technology exists to collect such information, it will be used, and it will be susceptible to abuse. That's pretty clear from the history of technology. The only question will be, who gets to abuse it? By fighting for less disclosure, we are essentially tying our own hands when we have need to root out abuses by those in power.
David Brin makes this issue his central argument in "The Transparent Society" which was published a couple of years ago. It's a must read for anyone interested in privacy issues, IMHO, just to get an out-of-the-box take on the problems. What he says, essentially, is that the more you attempt to lock down information, the more susceptible it is to undetected abuse by those who do control it. And with data collection technologies becoming less and less obtrusive, soon there will be no way to know that it's happening at all--unless we can create a meme that will call for _more_ disclosure, not less. The solution is not to try to lock away public (or in some cases even private) records, but to make them more accessible to everyone. In essence, what he says is that it's more valuable to open everything up to everyone (providing a sort of check and balance environment) than it is to restrict knowledge to a few who may abuse it with impunity, protected by those same privacy laws. He does not state, but I believe that it is implied, that we really only have a brief window of time to accomplish this, before we lock things down to such an extent that recovering such freedoms becomes problematic.
Not everyone will buy this--I'm not sure I do completely--but it's certainly worth considering the un-intended consequences of reactionary calls for secrecy.
Re:Requesting info (Score:3)
Start with the school district office (not the school site office, necessarily -- they probably won't have a clue what you're talking about). Generally, one person at the district office is in charge of public relations/public information. That person may be the superintendent or the responsibility may lie (pun intended) with a director of public relations or some similar title.
Tell your contact you want to make a request for public records under the Freedom of Information Act (FOIA). There may be paperwork and a fee for document reproduction involved, which will vary from district to district. Depending on the district, your liaison will contact the appropriate staff person to obtain the logs, or may refer you to her directly.
If the district resists your request, you now have precedent (at least in New Hampshire) in your favor. Have a good time!
Re:Why is this under 'privacy'? (Score:4)
pisses me off. Slashdot's forum is a public
place. Anything you say here can be quoted
as if you yelled it on the streets of Miami.
That is the result of public expression.
Quoting, or more properly, citation, is covered under fair use. Look it up [templetons.com] at Brad Templeton's site: Myth 4, third paragraph:
Fair use is almost always a short excerpt and almost always attributed. (One should not use more of the work than is necessary to make the commentary). It should not harm the commercial value of the work -- in the sense of people no longer needing to buy it (which is another reason why reproduction of the entire work is generally forbidden.)
Also, by simple act of posting my comments here on Slashdot, I obviously implicitly allow copying of my content for the purpose of conducting a discussion on Slashdot. This includes viewing, printing, quoting, and all other uses necessary to have a discussion here on this site. Copyright law explicitly protects such uses.
Use of my text outside of Slashdot, for example in a book published by Andover, or on a Best Of Slashdot CD-ROM, or in other places or for purposes other than discussion here on Slashdot requires a license. That is, I have to explicitly grant you the right to use my words.
Copyright does not cover names, trademark law does that.
Copyright does not cover ideas, patent law does that.
So if you like what I write, but I would not grant you a license to use my words, you could always phrase the ideas I convey in your own words, or express them differently (i.e. using no words at all). That should be differently enough in order not to qualify as a derived work, though.
And finally, when asked, I usually grant the license to use my words for free - completely, unaltered and with correct attribution as well as a pointer to my homepage. I do like to get 1-3 free reference exemplars of printed matter, and pointers to the sites where my words are hosted. Also, I will not grant license to use my words for free, if you sell them. If you make a living by selling my words and my works, I demand a sensible share of that money.
If you want to read my words, and my works, please go to my homepage. You find it at http://www.koehntopp.de/kris [koehntopp.de]. I keep freely accessible online copies of everything I have written and deemed useful, whether sold or not. I make my contracts in such ways that I can maintain this website with my works so that you can access all my published articles [koehntopp.de] and USENET posts [koehntopp.de] as well as my [linuxdoc.org] open [netuse.de] source [php.net] projects [koehntopp.de].
Copyright law may be not an ideal solution, and may be an annoyance sometimes. But there is (or at least was at some point in time) reason behind it and used sensibly and nonoffensively, it can be actually useful to protect the interests of the public as well as the interests of the author. Just try to think, and use Google, before you flame.
© Copyright 2000 Kristian Köhntopp [slashdot.org]
That's where it starts... (Score:4)
Just because someone hasn't reached the age of majority doesn't give anyone the right to traipse through records stripping them of any dignity or privacy.
The next argument will be: Well why should we stop just because they've reached the age of majority?
If its not tied to an individual person, what's the point? The school can also run the list through the IP filter to remove all traces of "unapproved sites" which might have been hit by who knows who?
Major snoops and people who are that invasive about information use should be deprived from it for the very reason that the asked for it!
Requesting info (Score:4)
Why is this under 'privacy'? (Score:4)
Re:Why is this under 'privacy'? (Score:4)
Nobody expects the Spanish Inquisition!
Try looking up a bit more often. You're going to be shocked at how often you are on camera these days.
Re:Why is this under 'privacy'? (Score:5)
In Germany, the supreme court has ruled that if a basic right can only be excercised in a way that the person exercising this right would feel monitored, threatened or otherwise limited while exercising that particular basic right in such a way that that person may decide not to exercise that basic right at all, then this is identical to an illegal takeway of such a basic right and therefore illegal.
In the above library scenario that would mean: If you are using a public information terminal to exercise your right as an adult to browse arbitrary information sources and you must fear that your browsing history is being monitored and may perhaps be used against you, than this would be an illecal takeway of your basic right to free and unhindered access to public information. It may be okay or even necessary to monitor the internet connection of minors (judges are still out on this issue in Germany), but it is clear illegal to do such a thing on a public terminal when an adult is using that terminal.
© Copyright 2000 Kristian Köhntopp [slashdot.org]
But where is the legal interest (Score:5)
So in the end this where law and public policy are mismatched to the Net? Why you ask? Well in this case it's not much different that protesting outside of a family planning clinic. the law states that protests have to be a certain distance from the front door so that people going are not only physically prohibited but also that they are not subject to undue emotional stress, verbal abuse, etc. In the case here there is no physical separation so what we have in effect is a protest or vigil that has a chilling effect on using a facility without the protection from figuratively blocking the door.
So the question you have to ask yourself is, is this challenge really about filtering software or is this challenge about using the facility at all. It would be interesting from a legal perspective to see whether this gentleman could be successfully prosecuted if he ever published and identifiable information on minors who access the Net. That is, let's say he is collecting this information in order to pressure the school or the students by publishing the names or addresses of sites they visit. If he refers to any identifaible attribute of a minors access, say, first initial last name could he be prosecuted under a law that bars divulging any information about minors without their guardians' consent?
Re:As a parent (Score:5)
Thing the first: The guy's children are _not at that school_, and he is requesting the log files for all of the children in the school. He does not have responsibility for any of those kids.
Thing the second: You might have the legal right to go through your daughter's drawers. But I'm not convinced that you have the moral right. Why shouldn't she have the same right to privacy as you? I don't believe your "responsibility" for someone's upbringing suddenly gives you the right to go through their personal stuff.
sounds like a marketers dream (Score:5)