Internet Usage Records Accessible Under FOI Laws

thehawk writes: "In what could be a landmark decision in the area of online privacy rights, a New Hampshire court granted the father of a public school student the right to obtain Internet usage records of all students who used computers and Web access supplied by the school district. The district was also ordered not to withhold records that may be requested in the future and was forced to pay plaintiff's attorney's fees...." The New York Times also has a story on this.

The records in question are log files created by the schools' proxy servers of what URLs are accessed by the student body. The school district in question isn't censoring Internet access with any sort of censorware product (they use teachers to monitor what students are accessing), and the parent would like to prove that the students are accessing porn sites. I do not believe it is an invasion of privacy to access these records; if there was an invasion of privacy, it occurred when the school district collected the records on their students, not when someone else requested to see them.

Some comments of mine that didn't make it into the Times article: I hope that this situation casts some light on Internet usage at public facilities. Many, many Internet services are set up to create detailed log files by default -- proxy servers, Web servers, various login mechanisms and authentication mechanisms, etc. These records are being collected, and they are just lying around on machines or tape backups here and there, and they are, if the entity that collected them is a public entity, public records accessible under FOI laws. If you want to prove that your local school/library shouldn't be censoring the Internet, request the records. (I'll help! E-mail me.) If you want to prove that your local school/library should be censoring the Internet, well, I won't help, but I still support your right to get access to public files.

And while this situation is about records collected by public entities, the same records are routinely collected by private entities as well. Is your Web access going through a proxy server at your ISP? (The answer is more likely to be "yes" than "no," by the way -- a proxy can be installed that is transparent to the end-user.) Then your ISP is collecting detailed records of every single URL you access through their service. How long are these records being retained? Who is the ISP selling them to? Do you know?

Go private

This gives a whole new meaning to the term "privat school."

You might want to ask about

what exactly happened to www.censorware.org

No Big Deal

As long as they don't give out any names, there is no invasion of privacy here. (As far as I can see, it's just a summary of internet usage for the school as a whole.) However, I don't believe that government should be involved at all here. Choice in schooling will only come from a completely privatized educational system.

Re:Is this really an invasion...

[Stormie]

although you can trace access back to a terminal, you cannot reliably trace it to a user. In other words, it can be found that someone accessed www.1337pr0n.com at such-and-such time, but it cannot find who that was.

Depends. I'm assuming this is a Windows network - if people are logged in, the proxy server is almost certainly recording exactly who accesses www.1337pr0n.com. This is what you'd expect in a workplace where everyone has user accounts, obviously not what you'd expect in a library, where all the terminals will surely just be logged in as guest accounts. A school? Could be set up either way..

However, if you peruse the article in question, it makes reference to "the cost of redacting the names". Which certainly implies that (a) the logs do have the names of those who were accessing http://goatse.cx and (b) those names aren't going to be revealed.

Re:Please help

[Xenophon+Fenderson,]

Well duh, you've got little x-es where there should be numbers, you dummy! :)

Rev. Dr. Xenophon Fenderson, the Carbon(d)ated, KSC, DEATH, SubGenius, mhm21x16

Judge with a clue?

[Xenophon+Fenderson,]

If I read the Newsbytes article correctly, it sure sounds like the judge had a clue when it comes to technology (e.g. the bit about not having to print out 80,000 pages of logs, merely burn them to CD). Maybe all hope is not yet lost!

Rev. Dr. Xenophon Fenderson, the Carbon(d)ated, KSC, DEATH, SubGenius, mhm21x16

Re:As a parent

[Tarrant]

The person asking for access doesn't have any children in public school. He was also looking for all web logs for all computers owned by the school (i.e. what all children access). There's no way, even if he had children in public school, that he could only see what his own children are doing because you don't know which machine they're on at which time.

The core issue here...

[talks_to_birds]

...is the continuing belief in American culture that every single individual must mold public life to his or her individual whim.

"Knight, a master plumber whose four children had attended schools...

OK: the guy doesn't even *have* kids in the public schools now: he's already swept them off into a safe little nook where they are controlled in every thought and act.

And *don't* start with "...but he's paying taxes that support the public schools.." -- his share of the total school district budget is miniscule at best. His share is probably neither substantially larger nor smaller than anyone else's..

All of us are members of the entire society we live in, and a lot of people need to grow up and accept the fact that society at large may by necessity support transactions that we personally don't think much of...

...in the Exeter area two years ago before transferring to private schools, has been a vocal critic of the local school boards' decision not to require filtering or blocking software on school computers. Concerned that students were visiting pornographic or other inappropriate Web sites,

Aha! This is what this is *really* all about: the guy has his own narrow little prejudices, and he's goddamed if he's going to let anybody else look at what he doesn't like.

What's inappropriate? Sites about meat-based diets? Sites about Amnesty International? Sites about AIDS information? Sites about anime? This is *one guy* -- he's got his kids sealed off from what *he* doesn't like, but now he's going to censor what anybody else can look at? And don't doubt for one moment that this is exactly where this is going...

...he sought access to Internet History log files from 1998 -- the date when a majority of local students gained online access in schools -- to the present."

The core problem here is that far too many people have the world-view of a three year-old: "I am the center of the entire universe, and *all* shall bow before my wishes".

The atomization of American culture by the widely-held belief that any single individual can mold collective behavior into his or her own narrow tastes is the serious threat here, not the fact that school district web logs are suddenly public information.

t_t_b
--
I think not; therefore I ain't®

The school board shoulders the blame

[substrate]

There are a few important points that need to be made here.

The school board on the surface did the right thing by trying to prevent the disclosure of these records. They screwed up massively on two counts though. They made the logs in the first place and if they were required to log them then they should've only been logged as bulk statistics.

The judge seems to have acted in accordance with the states right to know policy unfortunately. The failure in this case solely rests on the school board: They enabled the disclosure of data under the Right to Know Policy by taking the data.

Maybe I'm unclued but....

[Vermifax]

...why not just have the logs expire after seven days? If you run into problems just temporarily increase expiration?

Vermifax

Re:Why is this under 'privacy'?

[mph]

And if you obtain books via a public resource such as a school or public library, then you shouldn't expect much privacy, either, right?

Then why was it that when I worked in a public library, there were signs all over the place reminding us that the privacy of circulation records was protected by law?

If there's no way to identify the student who accesed a particular site, then I don't have much objection. But Schneier's "Secrets and Lies," for example, discusses tricks people use to extract particular data from statistical queries. Do you know that a particular student usually sits in front of a particular workstation (and hence IP address) 6th period? Should his family know that he's looking at www.am-i-gay.com or www.dad-touches-me-where-he-shouldnt.com?

Re:Requesting info

[Sir+Robin]

This is complete b.s. [...]

It's not so far fetched. I've read of some businesses that do that exact thing (post sites visited with user IDs to internally available "public" sites) in an attempt to curb non-work usage. I can assure you, I'd read a lot less /. (or at least read it a lot slower (via my dial-up link -- my reading speed, as such, wouldn't change :)) if my employer did that.

And if they tell you they do it before hand, and you sign a paper that acknowledges that admission, who's to blame when they find you at www.a-triple-x-site.com, and discipline you for it?

Re:Is this really an invasion...

[T-Ranger]

I diddnt assume that they were running Netware, I assumed that they had some technology aroun there school for some time, and thus were proabably running Netware. And from that I gathered that if they were running a proxy server it would be bordermanager.

But my point was that tracking traffic per user is doable, easily.

Re:Is this really an invasion...

[T-Ranger]

The article dosent mention what NOS the school is using, or what proxy server product either.

Since its a school with not only a internet connection, but one with a proxy server (demonstrating its a large network, not just a PC with a modem), we can assume there somewhat technicaly clued. There probably running Netware >4, so they have NDS. And there probably running either BorderManager, or one of the OEM proxy apps thats based on Novels code. Which are all aware. And can all do access control based on usernames, and/or workstation.

Since the proxy server is doing ACLs on usernames (even if its allow everyone everything) it cleary knows who its sending data too.

Should it be logged? As a sysadmin I say: log everything.

Should the logs be accessable to say the school administration? Should they be accessable to just anyone? Harder questions. School Admins: sometimes, probably.

IT sicken's me

[Lumpy]

Ok, you whine when the school watches what you do on their computers.

You bitch when work reads your email and watches what you do on their computers.

Solution? DONT USE THEIR EQUIPMENT/COMPUTERS!

The laws clearly state that the owner of the equipment can monitor it's use, until that law is changed (really fat chance on that happening!) noone should be suprised, or expect any less.

Hell, most companies have phone monitors cacheing incoming and outgoing phone numbers dialed, and from what extension! We caught a moron making 1-900 calls from his cube, and fired his butt with it!. (Ohhh I violated his privacy!!! boo-hoo. Kisss my white american butt.) If they watch you at home, then that's wrong. But anyone can watch you in public.... that's an american right!

The school did things right, and the parent is right in saying he/she has the right to look at it. NOW: if anything comes of it, "I.E. Look a porn site URL!!!!" it had better come from a IS professional's mouth. Most parents havent a clue on how cacheing logs work, or how the internet works... www.goatse.cx might be serving banner ads along with the sicko crap that is there... (I assume... from reading what others write about it.)

Moral of the story? If you dont want to be watched, dont go outside. If you cant handle that, seek therapy.

Re:Why is this under 'privacy'?

[Lumpy]

Nice ideal to hide under... too bad it is just smoke and mirrors.

I dont care what country you live in, the GOVT will monitor you if they desire, and they will do it without warning... ("knock,knock... Hello? Yes, sir, I'm from the government and I'll be monitoring you this evening... is there any times you wish that I not be peeking in your windows?")

Given Germany's history, and the close ties to the US govt... they probably have a really nice profile on every citizen that is living there.

Dig for the truth, dont accept what they tell you.

Re:sounds like a marketers dream

[Eravau]

This differs from a child's school records in two ways:

1. The judge that presided on this case said that all information identifying specific students had to be removed from the logs. So no personal privacy is being invaded in that way.
2. The school's internet usage policy, which the kids should have known, stated that everything was being logged. There was never any privacy implied in their use of the Internet (just the opposite)...unlike the school records which are protected.

duh! just don't save the logs

[Splork]

Anyone working for a federal institution should know better than to save their logs for more than a month. A better question is why was the school logging anything int he first place? They are not required to.

Re:the good, the bad and the ugly

[funkman]

So it is monitored but does the policy say who may read the logs? The police? Teachers? Other students? School Board?

This ruling says the general public may view those logs. While there is the freedom of information, there is the right to privacy.

Just like many things we use are monitored, there are laws to protect us from an invasion of privacy.

Some interesting propositions...

[funkman]

This is interesting because of the analogies one may use.

Are Internet transactions the equivalent of a telephone call? Therefor, the same rules of privacy apply as a telephone call and conversation?

Or is an Internet transaction like a borrowing a book from the library? Even though, the borrowing and returning is instant. So the record of transactions follow the same provacy rules as to what you checked out at your school library.

What if it wasn't a member of the public asking for the information, but a teacher. Teachers have some special privacy privledges equivalent of a parent of students.

Does this ruling apply to any publicly funded entity: Library or even better the Internet transactions logs of our "friends" in Congress or State/Local Government. (I think there was a ruling already on the gov't one)

Re:Why is this under 'privacy'?

[xantho]

Try looking up a bit more often. You're going to be shocked at how often you are on camera these days.

Amen. I'm on camera upwards of 30 times a day...

You want cameras? I got your freakin' cameras.

--Xantho

Re:This is not about the FOI act.

[arafel]

None of which (except maybe C) is really anyone's fault but the students. Don't agree to something without knowing what you're agreeing to, it's a very basic rule.

Re:Is this really an invasion...

[Spit]

It's not that hard to log IDs with ident, available on most platforms. You can log and trace anything if you feel the need.

Re:This is not about the FOI act.

[JatTDB]

Well of course it's a basic rule...I know that, you know that, but how many average high school students are going to care?

Re:This is not about the FOI act.

[JatTDB]

The article notes that the school's AUP clearly states that any and all use may be monitored. Of course, how many students A) bothered to read the AUP, B) really thought about that monitoring clause, and C) gave any consideration that someone outside the school system would demand the logs through the FOIA?

My biggest question is...what the hell does he want with the logs?

Re:Why is this under 'privacy'?

[Shotgun]

Your assumption in that you assume a right as an adult to browse arbitrary information sources from public terminal without being monitored.

You have a right to read porno mags on the street corner. I have a right to watch you read porno mags on the street corner, take pictures of you reading porno mags on the street corner, and even publish pictures of you reading porno mags on the street corner in the Sunday Times. You do not have a right to privacy, or even an expectation to a right to privacy, in a public place. Furthermore, you do not have a right to use public facilities for any purpose you desire. I may have paid taxes that funded the building of Yankee Stadium, but that doesn't give me the right to participate in group sex in the middle of center field during the 7th inning stretch of the World Series.

Read the article; talk with your child...

[flieghund]

From the Newsbytes article, a quote from the first sentence:

...a New Hampshire court granted the father of a public school student the right to obtain Internet usage records...[emphasis mine]

However, I happen to agree that this seems to be overkill if the guy in question is just a "concerned parent." And to the original poster: I would hope that you would at least ask your daughter if she was using drugs before you started rummaging through her personal effects. Even though you are in a position of authority over her, tyrannical dictatorships rarely work out as well as trusting partnerships. I would even go as far as to ask permission before commencing the search. That doesn't mean you necessarily have to honor her request not to search: if you have a trust-based relationship with your daughter, then you should be able to explain why you think it is necessary to search through her belongings, and she should be able to explain why (if at all) she doesn't want you to. And if you do decide to go forward with the search, allow her to be present.

Of course, I'm not a parent. But I was a kid for 18 years...

Re:Read the article; talk with your child...

[bmasel]

If she is dealing drugs, and busted, the
authorities have the 'right' to confiscate MY house, and possibly arrest ME.

Not anymore. Civil Forfieture Reform Bill, passed ~1 year ago, stregnthens "innocent owner" defence.

Re:Read the article; talk with your child...

[Capt.+Beyond]

That depends on the situation, of course. If she has an on going problem with staying in school, friends are getting her in trouble, etc, I wouldn't ask. Of course I would probably consult her, when she started getting into trouble, and let her know of the possibility of intrusion. You have to realize, tho. If she is dealing drugs, and busted, the authorities have the 'right' to confiscate MY house, and possibly arrest ME. Even if I did not know of it.

Re:As a parent

[I+R+A+Aggie]

You might have the legal right to go through your daughter's drawers. But I'm not convinced that you have the moral right. Why shouldn't she have the same right to privacy as you?

His house, his rules. When she attains the age of majority, and is capable of supporting herself, then and only then can she expect that level or privacy. At that point, it will become her house, her rules.

To put it another way: them's that pays the piper calls the tune. When you can pay your own way in the world, that's when you start realizing freedom.

James

Re:Why is this under 'privacy'?

[catfood]

I mean, true, now the school *has* to comply. Doesn't mean that they have to make it easy.

Yes it does.

Judges don't appreciate being jerked around. The school is going to have to comply with the letter and the spirit of the ruling. Making it gratuitously difficult to read the data isn't in that spirit.

Re:Internet Proxy

[darylp]

If the school really doesn't want kids getting into stuff, then why not make the passwords harder? I know where I went to college a while ago, and had access to some system administration things, the passwords were very eays. Why do school's not choose harder passwords? Do they not care about security?

I know that in my experience, Libraries care more about freedom issues than you'd give them credit for. Although they're mandated by federal / council law to provide proxying and filtering software, you'll find that most of them will be set up so that they're trivial to circumvent in the right hands.

This is a good thing, as it encourages open-minded use of computer facilities, as well as providing the library with a suitable fallback should such browsing be reported.

Of course, it'll take one spoo-brain to leave a publicly accessible browser open at goatse.cx to ruin it for everyone.

Boring place to look for logs...

[Monte]

...I'd be much more interested in the surfing habits of the White House, or Congress, or the Supreme Court. Anyone want to do an FOI there?

For the record, I agree with the court's decision - any surfing done on a public (that is, government owned/subsidised) system is information that belongs to the people. It may raise the hackles of the privacy fighters, but it's one of those trade-offs that make freedom work... the people have the right to monitor what the government does with it's systems so we can make sure they don't get into shenanigans or simply piss our tax dollars away.

As to why the schools are keeping logs - that's simple: so the next time some Ritilin-soaked nutcase tosses a few clips at his classmates the school can check the logs to find out what web sites perverted his mind, and filter them out.

It's for the children!

Re:Why is this under 'privacy'?

[Grumpman]

Here in the US, there is more 'freedom' than most poeple think. Check out UpSkirts.com. The "Freedom" to take pictures/video of anyone/anything in public and publish it as you see fit give ME the fits! We go on about how "Everything" should be free, but I don't want cameras in public bathrooms (I saw this on TV. Cameras in the bathrooms of a COPS STATION no less!)

Re:Why is this under 'privacy'?

[rossz]

In Germany, the supreme court has ruled that if a basic right can only be excercised in a way that the person exercising this right would feel monitored, threatened or otherwise limited while exercising that particular basic right in such a way that that person may decide not to exercise that basic right at all, then this is identical to an illegal takeway of such a basic right and therefore illegal.

Wow. What an incredible piece of common sense!

Re:Why is this under 'privacy'?

[psergiu]

Watch "Enemy of the state" and think again. They know. Everything.

--

Re:Why is this under 'privacy'?

[DoomHaven]

Good point, but define "gratuitously difficult", please? Would just giving up the IP addresses, be difficult? I will assume the hex representations would be "gratuitously difficult", but IP? I wouldn't think so; I mean, they *are* the basis of Internet, and should be perfectly acceptable.

http logs are typically fine grained

[Emmet]

Every HTTP GET and POST is logged with the full URL. Scripts are commonly employed to generate aggregate data based on TLDs or client machines.

Re:Why is this under 'privacy'?

[jmccay]

Further, the computers are the property of the schools. Thus, they would be subjected to the similar laws gorverning computers used by employees at work. Thus, it would be legal to collected data on student usage, and legal to view email.

But where does it end?

[Tau+Zero]

The lists that the guy will be given will be stripped of any identity or specific machine.

Sure, that's what they say. But how much personal information will be leaked in things like options on URLs? How much privacy will be breached by revealing the target of a page, like someone's web-mail account?

It's time for that school board to destroy the logs in the regular course of business. 72 hours should do it. Data which do not exist cannot be revealed.
--

Re:But where does it end?

[Masem]

The court order specifically refered to protecting the identity of the students, something that the articles suggest the school board in question was fighting for. Given that, there will probably have to be concessions in the identity filtered list that are reasonable under this order, such as removing anything after a ? in the URLs (that is, arguements for a GET method).

As for maintaining logs, it's become quite evident that having old logs can both harm you as well as help you in court cases. It's probably in the school's best interest to hold on to these logs, especially since the school is accountable to the public in that system.

Re:But where is the legal interest

[Logos]

In addition to the tax paying supplying interest, I would venture to say that because the query is for information at a *public school* (part of the government remember) the plaintiff has sufficient interest.

Merely being a citizen entitles him to request information of a school. IANAL

Children are property too.

[Logos]

I agree, the big question in the decision was:

Judge Abramson said that students in schools are not using the computers for personal use "but as an integral part of the education curriculum." Thus the records of such official computer use must be deemed public, she asserted

Is that information the school's, or the children's??

Like you said, why should anyone be able to get a print-out of the entire book borrowing record from a public library?

I guess because its a government funded entity (some of them) your individual privacy goes out the window.

But I think it makes more sense to say that information is mine, not the library's. They just store it for me.

"part of the education curriculum" is the weak spot in the judge's comment IMO -- what about teacher's breaks? what about recess? Is she implying that the facilities are not available except for school education? Then what about when kids play basketball in a gym after school, or kiss in the hallways?

Is this level of invasivness really what we want for our citizenry?

People like the plaintiff treat children like property, not citizens. That's why the battle cry of these busybodies is "protect the children!"

Instead Protect property, and the country, but educate the citizens. And children are citizens too.

/rant/Re:Why is this under 'privacy'?/rant/

[Rares+Marian]

Walking into a grocery store doesn't give Joe Blow the right to check store owned camera tapes for every person that had entered the store.

That's why it's under privacy.

It's also under YRO because of the word RIGHTS in the title of the section. These laws are made on incredibly vague terms (the fact that I'm not puking my guts out is only because I have a class to go soon). Why have access to only student's use? Why not the teacher's use as well? Where's the line drawn? Where's the bloody logic Mr. No brainer. I'm an idiot. Explain it to me genius.

Hello? If you access the internet via a public resource such as a school or publid library, then you shouldn't expect much privacy.

Okay first of all please refrain from reasoning that ignores context. The word public does not qualify on its own as an argument. Try a bit harder. Second, please give me a reason why I shouldn't expect privacy. Should someone be able to look over students' shoulders at what they are reading? Is being a student some sort sub human rank to you, asshole?

If I drive on the public highway, you have no right to request information about what all the people were doing on it.

As stated, these are logged and as such, are public property subject to the FOI act. Seems like a no-brainer.

Agin, where's the context? C'mon have the decency to present your case. Traffic logging and content logging are completely different things. One records bandwidth use, the other information they have no right to. Otherwise, by your approach (which I have to say is unnacceptably subjective), people do not own the content on the sites they visit some of which may be private like for example a point where people share personal things or private things like places to meet after school or business plans (oh I forgot students aren't human they have no ambitions and no rights to them, cuz you know it's just ain't natural for students to want a future for themselves).

Yack all you want about how students should be productive citizens contributing to society, in practice you're full of shit.

God, it's like it's a sin to want to control a bit of your life these days. People love to discuss pompously profound statements and questions like why do you expect privacy?

It's a network of people. There is no complete visibility get over it. Try telling a western lawman 100+ years ago that it's the west and he should expect no ownership of property.
In the words of Stan (I think) from a South Park episode a few nights ago: "Suck my balls", and yes I'd be glad to "present them." Name the time and place and the photographer.

Re:Why is this under 'privacy'?

[Rares+Marian]

The roads are state owned in most states. How's that work out asshole?

Re:Why is this under 'privacy'?

[Rares+Marian]

You're on crack.

What would be the point of libraries if everyone had to buy wireless service to their l;aptops everywhere they went.

Sorry, states only get their powers from the people around here. There must be concessions on BOTH sides. I'm about sick and tired of giving.

Re:Why is this under 'privacy'?

[Rares+Marian]

Well you know it's one of those cases where there's only two sides to the coin. You and he have mentioned both. We already know the truth. Now we do something about it and it;s going to be even more unexpected than the monitoring they are doing.

It will be subtle, embarassing to opponents, and complete unstoppable, yet absolutely harmless.

Data and content

[Rares+Marian]

Huge difference. People still don't get it.

Re:Silver lining

[Darby]

What I'd like to know is what the plaintiff's motive for requesting these documents in the first place is

This is really the critical issue. There is no good reason I can conceive of, but plenty of bad ones. My best guess is that he suspects that some students are coming to terms with possibly being gay and that they are visiting sites related to this lifestyle. Once he identifies them, the younger the better we must assume, he will use the threat of "outing" them to make them victims of his abuse.

Can anyone suggest a more reasonable scenario?
Or for the grand prize how about a scenario in which he is not a seriously disturbed psychotic
---CONFLICT!!---

Re:As a parent

[Darby]

I have a moral right to raise my daughter as I see fit

Well, to a point

If she gets busted, who pays her attorney's fees, the bail money?

Ummm.... She does? If not, then you are sending her the message that it's ok to do bad things because you'll take care of it. The only way I would pay for this sort of thing is if I disagreed with the law that was broken or didn't believe that it was, in fact, broken.

I think it's good that you are willing to accept your responsibility as a parent, but part of that is to make sure she recognizes hers.

Disclaimer: I am not a parent

---CONFLICT!!---

Some Insights

[Trekologer]

At the high school I graduated from, before students were able to use any computer in the school, both the students and parents were required to sign the acceptable use contract. It essencially said that students could not use the school's computers to access porn, illegial stuff, etc. But it went on to further say that while the computer use was monitored and it was agaist the policy to view such material, the school could not be held responsible for the students actions . It indemnified the school from being sued over what little Timmy was viewing on the computer. IMO, all schools should have a contract such as this.

I am personally split over whether or not parents should have access to the logs of what their children view on a school computer. While parents should be able to know what their children are doing at school, in some cases it could be difficult and expensive for the school to compile the data.

Fasten your seatbelts, here comes the rant...

Its is completely wrong for a school to be sued over something as stupid as this. Who is benefiting from taking up the school's time and money to fight a lawsuit in court? The students sure as hell aren't. They are being deprived of education becasue someone with an agenda decides that they want to get their way. James Knight wants to have censorware installed on the computers are he's trying to get the school and the law to prove his case for him. The lawsuit was a total waste of public funds. If he wants the log files then he's the one who should be required to pay for the expences involved with extracting and printing/copying the logs.

Ok, now that I got that out of my system... The logs can be used for good (good, according to many /.'ers), such as to point out flaws in censorware packages. Which, is a Good Thing. But I still stand behind my rant when I said that to obtain copies of the logs, the requestor should have to pay for them.

What a surprise

[graniteMonkey]

A citizen of the United States of America is granted access to information about resources provided by a Department of the United States of America. Full government disclosure is a good thing unless it infringes on "our inalienable right to free internet access on the government dole". Slashdot users hippocritical. Film at 11.

Re:Why is this under 'privacy'?

[nowindowz]

Our chief weapon is The Proxy server and Windows NT

Two, Our Two chief weapons are The Proxy server, Windows NT and a Lawyer

Three, Our Three chief weapons are The Proxy server, Windows NT, a Lawyer, and some guy out to prove a point

Four, Our Four chief weapons, oh never mind you do it.

Sorry I know very bad humor but I could not resist

Re:As a parent

[Deosyne]

#include&ltperspective.h&gt

Ain't that the best part about having kids? Even though enslaving adults is now illegal, its perfectly fine to grow your own from scratch, as long as you don't whip 'em. Hell, I'm thinking about having another after this one gets a bit older just so I'll have someone else to put in line. Oh sure, the poor bastards weren't given the choice, but hey, fuck 'em; that's parenting, baby! You get to kick their resentful asses out on to the street once they hit 18 anyway, so just tell 'em to shut the fuck up and get in line until the law allows them their freedom. You tell 'em!

Deo

Heh, semi-amusing sidenote; just as I finished punching that sarcastic rant up, my daughter laughed, smacked my nose and waddled off. Really blows the whole thing out of the water when they won't even put up with your crap when they're barely a year old. ;)

Re:Log of the whitehouse

[Deosyne]

The government isn't a private organization, in which case I would wholeheartedly agree with you. The gov't is a public organization which serves the citizens of the country. I assure you that many of our employees are not performing well and definitely need to be further scrutinized to locate and repair the problems. I know I'm getting tired of paying far too many middle managers and secretaries while receiving insufficient results. As a co-CEO of this country, I urge my fellow board members to monitor employee performance more diligently and to help eliminate the heinous waste that is causing stagnation in our advancement and ruining our bottom line.

There, let's see if corporatism can succeed where patriotism is failing, since people seem to be far more company-centric than nation-centric these days.

Deo

Re:Why is this under 'privacy'?

[mazur]

You're going to be shocked at how often you are on camera these days.

But those camera's and the information they obtain are regulated by very strict laws, aat least here in the Netherlands. Recordings may be kept only 72 hours, and only viewed by few law-officers under very strict circumstances. The man in this story wants the records all the way back from 1998 to now. To what purpose? I don't know. Maybe he's trying to find the best free pr0nsites himself, and hopes the students with their copious free time and superior knowledge will have found them. I expect they have, and even on occasion will visit them. How you can wheedle out those from more obviously study-relevant sites is a big riddle for me. Especially if only IP adresses are logged (for better performance). Here in the Netherlands a defense against releasing the data would be, that that's not what the data is collected for, which is a big nono in the current data-privacy law.

Stefan.
It takes a lot of brains to enjoy satire, humor and wit-

Re:As a parent

[Harri]

I don't know how it works in your country, but here the actions of one's children do not endanger one's own freedom or house(??) in any way. Sometimes people with repeat-offending children get ordered to go to parenting classes, but that's it. If it's like that in your country I think that is morally wrong, not to mention weird and freaky.

As for the bail money, you don't have to bail anyone or pay for lawyers for them if you don't want to. If you feel morally obliged to, then think of it like you would think of paying for a new stereo for them if they did something stupid and smashed it. You don't tie up your child to prevent them costing you money.

And, you do not have a moral right to raise your daughter entirely as you see fit. You cannot beat her and lock her in cupboards. Personally I would count invading someone's privacy as a right that you never have, like beating them or killing them.

Re:This is not about the FOI act.

[cwebster]

at the school district i went to for high school, any class that had internet access required you to sign the AUP before you were allowed on the computers, so if the student didnt read it or understand it, it is thier own faults.

How I feel about this

[cecil36]

The logs are a public record, and anyone within the district should be allowed to access them without having to go through any red tape. This school did take a step in the right direction by having a teacher monitor the lab (although this could be a problem if the teacher on "lab duty" is heavily offended by stuff other than porn that a few students may find acceptable, such as role-playing games). I feel that this model will work in all public schools, as the students will be able to access whatever information they need to do their research projects, plus be able to have some fun just browsing.

public school (in the US, of course)

[311Stylee]

why is this such a big deal?
anyone who has ever gone to public school knows that you receive disciplinary action for such terrible offenses as running in the hallway, standing in the wrong place, disagreeing with any member of the school staff etc ad infinium...
of course they are going to bust your a$$ if you are looking at porn.
anyone who has gone to public school also knows that administrators and teachers don't follow the rules of the outside world, for instance you are considered guilty of any offense you are reported for - even if you didn't actually do it! i can't recall how many times i was called to the office in high school for "skipping class" when i was actually there... it's not my fault the damn teacher(s) are too incompetent to accurately document class attendance. furthermore, they will accept any evidence, circumstantial or otherwise as proof of your guilt: they automatically assume you are lying.
it's a small wonder that so many people are paranoid control freaks: they probably attended public school too...


C:\>ls
bad command or file name
C:\>uptime

Why is this under 'privacy'? Because it IS privacy

[ArtPepper]

Oh, I see. So the next step is that I should be able to sue the public libraries to see who has been reading which books. Maybe I especially want to see who has been reading cryptographic books, or maybe gay literature, or whatever? I mean, "Hello? If you access via a public resource ..." THINK!

I perspective from the trenches

[NightHwk]

I actualy went to highschool in NH sau16 just a few years ago...

I have to agree that the logs should be made accesible to the parents of students. The logs are legitimate, the equipment is paid for by tax payers, making it property of the public, and is used by the children of the tax payers. If a parent wants this sort of information, there should be no problem. These schools have lots of newer equipment, and at least one CDRW drive per network that could easily be used to provide the large amount of information requested.

I also must say that I am not suprized at the reaction by the administration. This school district in particular is just as weighed down as any of the worst in the country with small people in powerful positions...A bad combination, and in addition to that, they are largely ignorant of the workings of the digital world.

NightHawk

Tyranny =Gov. choosing how much power to give the People.

Because it doesn't apply to libraries

[kspencer]

In most states any records detailing the history of the public are extremely private - by specific (as opposed to blanket) statite. For example, in the state of Colorado the only way someone who is not an employee of the library may have access to records is through some form of court order. The laws of most states are similar - and since the article refers to the library user privacy issue as a defense that was attempted, it must apply there as well. As another poster mentioned, there's nothing private about whether (or how many times) a book has circulated or how many people have been in the library in the past month - just anything that lets someone else know your reading/information interests and habits.

That said, I find myself wondering just how 'clean' the 'scrubbed' records are. Certainly the script probably removed the names and IDs of the students. But did they also scrub the information of which computer was used at what time (which might be compared to class schedules and rosters and seat assignments) or any other means of identification through secondary correlation?

Of course this might not matter. No mention is made in the article of what the father was trying to find. Did he want the detail of what sites could be reached - to evaluate how effective the filter was? Did he want to know how much time the computers were used in preparation for discussion at school board meetings over budget allocations? Did he want to know and punish any students who might be interested in membership in the ACLU? All we know is that he requested the history logs, and that the judge ruled that these minus the individual user identification were legal for him to receive.

Re:What about library records

[tburkhol]

Do I need to worry about somebody filing a FOI reqest for library records and finding that I only ever borrow Harry Potter books?

No. As the article pointed out, library records are individual. The information the judge released was ONLY what pages were accessed when. NOT who accessed what. More equivalent to asking the librarian "How many times was Harry Potter checked out last year?" or even "Is Harry Potter checked out right now?"

Re:As a parent

[Holyscapegoat]

he is my LEGAL responsibilty. I am LEGALLY responsible for the actions of my daughter. If she gets busted, who pays her attorney's fees, the bail money? I have a moral right to raise my daughter as I see fit. If her drug usage endangers MY freedom, or MY house, you bet I am going to invade her privacy.

If I had a father like you, I'd run away. You can claim your legal rights all you want, and that's fine, but that doesn't make it morally right. Dictator parents in my experience rarely have much of a relationship with their children after they grow up - something you may want to consider.

You also better pray that you never need to go to a nursing home...

Legalities...

[Stoutlimb]

Childeren don't own property. Their parents own it, and allow childeren to use it as they see fit. There is no such thing as looking through your daughters sock drawer. You are looking through your own sock drawer that your daughter uses.

This is in the eyes of the law. And in the eyes of morality, if you subscribe to conservative points of view.

As for you liberals, flame away...

Bork!

This really hits home for me...

[hex1753]

At the place I attend High School (I'm a sophmore), the administration is VERY tight about security when it comes to that. In fact, they are very cautious about computers in general, as I almost got the boot when I opened up Explorer. I've been tempted to go and do this (requesting log files), but figured I would be turned away instantly. Basically our school is racist against geeks. Anyway, I'm hoping I can use this case to my advantage to perform a similar feat. It'd be fun just to start a little debate, even.

---

This is not about the FOI act.

[mheckaman]

The real thing we have to be asking is, "should the school even have been collecting these records in the first place?" -- The school obviously has the right to keep the logs since it is their hardware and network, though it doesn't mean that just because they can do it, that they should do it. Moreover, were the students informed that they were being logged in such intricate detail? I know the going trend is "Students have NO rights" but I tend to disagree with that. If they were not informed of the logging and made clear just how much information the school was collecting on them, then I think they have a reasonable expectaton of privacy.

-Matt

Re:This is not about the FOI act.

[5KVGhost]

Ok. So maybe _now_ they will care. Live and learn.

Re:That's where it starts...

[Judas96']

"Major snoops and people who are that invasive about information use should be deprived from it for the very reason that the asked for it!"

I wish that would work. The reason people generally want to look over everybody else's shoulder in situations like this is because they don't have enough information on computers/the interenet and how and why they are used in the first place. Then they hear about how it can be abused and how it is 'blackening hearts' and decide that they must protect us from ourselves. If people would research things on their own instead of getting all riled up over some questionable statistics and soundbites this would happen less often than it does. I am glad my parents allowed me to make many of my own moral decisions, instead of peeping in on what me and my friends(!) were doing every single minute of every single day. Of course my parents were confident that they had taught me enough to could make reasonable judgements on my own. I may have not always chosen correctly society-wise, but I also never did anything to get thrown in prison either. Not by a long shot. This father obviously does't trust his son or his son's friend any further than he can throw them. If he is that worried, he should be homeschooling his son and sheltering him from every little evil imagined or otherwise. Keeping a tight reign on your sons and daughters is one thing, you don't have to become a paranoid schizophrenic over whether or not they are spending every single second obeying the law to the letter and being upstanding citizens that we all hope they will be. Also, I am annoyed even more over the fact that this man is allowed to view the logfiles pertaining to everyone who used a computer at the school. If he absolutely had to view logs, they should have been limited to the times at which it could be proven his son was the user. More than anything, I think this father needs to be reminded that he too was a kid once, and that he probably stuck his hands in the proverbial cookie jar himself every once in a while. Does he really think he ended up worse off for that freedom?

Re:Why is this under 'privacy'?

[Donut2099]

I would assume that unless the logs only had the IP's, that would be unacceptable.

kinda what I said?

[captainober]

Well....It is

Re:Why is this under 'privacy'?

[captainober]

I refuse to have my thinking affecting by a Jerry Bruckheimer Movie...respectfully: come on!!! I believe that the overriding factor here is an expectation of privacy. When accessing the I-net from the school that expectation should not have been present. It sounds like the students and parents signed a waiver. They had no expectation of privacy. I am not convinced this ruling sends us on a slippery slope. thoughts?

Re:Doesn't sound right to me

[captainober]

I disagree with your first premise. People should not expect to be monitored like this in public libraries or places. It is only after a legally binding expectation has been established. Either by a waiver or some sort of signed documentation. If the government has not told me that they are monitoring or watching me than, by god, they had better not be. These students (and parents) knew that they had no expectation of privacy. Without a warrant or waiver the gov. should stay out of my life (and yours)! Capt O 01

Re:Why is this under 'privacy'?

[djrogers]

I'm sorry, but when did acccessing the Internet become a 'basic right'? That's as silly as saying that cable TV, cellular phones, and Britney Spears CDs are 'basic rights'.

Could this be used to discredit censorware?

[Pict]

It just occurred to me that the release of these logs might be useful in some way.

If the school district isn't running censorware, and the logs show all the sites accessed from the school, surely there is a way to run the data from the logs through various censorware programs and see what they let through?

Or rather, see what they don't let through...

The results would almost certainly be interesting and might even be a convincing argument for the school not to implement censorware in the future...

Might be worth a try...

Pict

Re:Log of the whitehouse

[Suidae]

I disagree. I don't have a problem with the use of the company LAN or computers for personal use, as long as the employee is performing well (and not doing anything that would put the company into legal risk).

I think the same thing should apply to government connections. If Ms. Intern wants to take a break and go check cigar prices online for a bit, I don't have a problem. If her performance (on the job) suffers, then her supervisor needs to do something about it.

Re:That's where it starts...

[wsloand]

The FBI had a plan several years ago to track library loans of "subversive" books.

They had this plan, but it was blocked because there were too many invasion of privacy issues. The internet records should be collected in the same way. The library can (and usually does) track what books are being checked out in the aggregate because they need to know what books to buy 100 copies and they need to know what books to only buy one copy of when it comes out.

Re:As a parent

[Capt.+Beyond]

Unless, I am a police officer. Then, with the proper papers, I CAN go through your kids drawers, and YOURS also.

Re:partners link (no login required)

[steveargonman]

If people insist of posting NYTimes articles, why the hell not include the link to the NOAUTH/PARTNERS version as well?

Re:Why is this under 'privacy'?

[Karmageddon]

I'm not saying there is no privacy issue: of course there is. But there is also the issue of public funding and retrospective public accountability, an which you are ignoring. The purpose of accountability is not negative. Looking at the records, should we be funding internet access at a higher level because it's so important, or at a lower level because the funds could provide better education if spent in a different area?

The Nader inspired Freedom of Information Act cuts both ways.

Re:Requesting info

[dohnut]

Actually, that gave me an idea, why even have sensorware? I mean, just have a public web site that dumps the logs from these institutions showing time/date, username, and url.

Hell, let people search the logs by username.

Then forgetting to log out from your terminal would once again cause you a fair amount public embarassment, criminal charges, etc.

This is complete b.s., but if that's the way they are going to do it, they may as well cut out the middle man and provide all this data to the public by default, why waste tax dollars everytime some parent wants to go on a witch hunt, or whatever they plan on doing.

Yeah, it's a public terminal, so what? Public terminals are how government is bridging the digital divide. So, basically those who have can browse the net without being watched (well, we won't get into that now), and those who do not have, can browse everything that does not piss people off.. Great.

Re:As a parent

[dohnut]

Yup, but since I'm staying on the topic, this scenario is about a parent who is looking not only at his child's web viewing habits, but the web viewing habits of every child in that school. I don't need to know what your kid looks at on the web, and you don't need to know what mine looks at on the web.

As far as police going through my sock drawer, if the police have probable cause or a warrant, they can knock themselves out. They are police, you (so I'm assuming), I, and the father in question are not police officers.

Kiss your private accounts & passwords goodbye.

[bl968]

With the logs that now anyone can get you will find records of form data submitted with the GET instead of POST tags. This information could include program serial numbers from automatic updates, account names and passwords for different information services, and a multitude of other confidential information sources all of which the user of these services/public proxies have a right to expect to be kept confidential. What this does is let hackers, dataminers, and busybodies request this information and track personal usage statistics. While I am all for protecting children from questionable material, my method is simple parents watch your children. Who knows you might have some quality time together.

children aren't supposed to have rights

[JesusOfNazareth]

well, they have rights, but it's very popular to take some of them away to prtect their "safety", or something like that. Now, if this were some random person/corporation/gov't agency who demanded internet usage data from an ISP, and it held up in court, we'd be in trouble.... cough cough, ahem.
bye

Re:Silver lining

[mad_clown]

Agreed... in this case, though, I'd have to sign with the plaintiff... Free Speech rights on school grounds is a shady issue as it is, and unless students are compelled to use the school's internet services, they *do* know that they, by using those resources, consent to a certain acceptable use policy, and should expect to be monitored...however, the court's decision to stick the school district with the plaintiff's legal fees seems like a slap in the face.

What I'd like to know is what the plaintiff's motive for requesting these documents in the first place is... Is it just curiosity? Is it for some sort of Parent/Teacher Association inquiry? Or is this guy intending to pore through the logs, find one or two instances of some miscreant browsing porn or visiting "ANARKY ROOLZ HOW 2 MAK BOMS" page, and point at these as evidence that the Inernet is, in the words of G.W. Bush, "corrupting the minds of children", and that the school district is somehow promoting this by offering Internet services. If this is indeed what this fellow intends to do, then we can only hope that if and when he takes it to court, he'll get shot to pieces by a judge and jury... and maybe he'll even have to pay the school districts legal fees....

---------

Yes it does.

[Siqnal+11]

The school district in question isn't censoring Internet access with any sort of censorware product (they use teachers to monitor what students are accessing), and the parent would like to prove that the students are accessing porn sites.

--

Re:Internet Proxy

[Paul+Sheridan]

That's a bad analogy. Using library, administrator, root or any other obvious password is roughly equivalent to leaving your doors unlocked and painting a sign on your house that says "I'm not home, steal whatever you want".

Re:I'd like to see the administrations logs...

[SlamMan]

You have every right to see the government's logs for most public institution. Assuming its not dealing with sensative data, thats exactally what the FOI act means. We get requests from the Church of Scinetology something like once a month for our log on anything regarding L. Ron Hubbard, their founder, and we have to bend over backwards to provide this information to them. Addmittedly, its a nusance, but I want the same privlidge if I ever need to find out something from the smisonian, or the ATF. Besides, it help keep the conspiricy cooks down.

Re:Doesn't sound right to me

[kyz]

Two points:

1. As other posters have said, people should expect to be monitored in public libraries.
2. If phone companies gave out logs, they'd have to remove the 'private information', as this library did. They'd have to remove all the ids of users doing the dialling, and all ex-directory dialled numbers. Remember, no user names, ids or passwords were given out in these logs. Its only value to advertisers is to work out the most visited web sites, which are probably yahoo, altavista - they knew that anyway.

But why?

[SCHecklerX]

The article doesn't say anything about why the guy wants the records in the first place.

Why does he want the records? Of all students, no less?

I have to agree

[bmongar]

I think the court made the right ruling. Usage of public internet resources with a usage agreement basically means no expectation of privacy.

I would be interested however to know if the guy found the pr0n he was looking for. Maybe he just wanted to find our what some good pr0n sites :)

Can anybody be identified individually?

[Bezanti]

If not, I guess restricting access to these public records would be a violation of the plaintiff's freedom of information. If yes, I guess we must balance the identified individual's right to privacy against the rights of the plaintiff. It seems to me that no one's individual rights were violated. Therefore, I fully agree with the verdict.

Note, however, that if there is no requirement for a school to maintain such records, the school should not maintain them. It is an absolutely questionable practice to maintain them without being under a particular obligation to do so.

How much information are they getting?

[Uppa]

The frightening question to me is just how much information are these logs handing out? I mean of course they're supplying all URL's etc accessed, but how about other items such as e-mail? The same arguments that were used to justify giving out the current logs (right to know act, knowing their usage is being monitored) could be used to give a copy of every email ever sent to Anyone who feels they have a 'right to know'.

And if they can get the emails, they have the email addresses, which lands you on every spam mailing list in the world. Hrm, maybe I'm just overly paranoid.

Re:IHLF

[HiNote]

I think it's lawyers trying to sound cyber-savvy by using acronyms.

Re:Requesting info

[cube+farmer]

Most states have an equivalent to FOIA... but in any case, virtually all local schools accept (a very small amount of) federal funding. IIRC, he Supreme Court has ruled that non-federal government agencies receiving federal funding must comply with federal rules, including those of FOIA.

Only in the US...hopefully

[evil_roy]

This is nuts... Even if it's allowable under the law....shouldn't the judge have asked " What do you really want" "and here's the records kept of all the books each student took off the shelf to peruse.....and take your dick out of your hand in my courtroom "

Sneaky git

The father wanted to see if the kids were looking at porn did he? Why, did he want some good links for himself then? ;)

He could have just asked!

Re:Why is this under 'privacy'?

[jbrw]

If that's the case, why this recent story about a man suing an impotence clinic when they used his image without his consent?

Wasn't Fatboy Slim's album artwork "You've Come A Long Way Baby" changed in the US because they couldn't locate the person used in the original album artwork?

...j

Re:As a parent

[Trepidity]

I see a certain necessary level of control, but I don't see the necessity (or even benefit) of total control. The goal of a parent should not be brainwashing. If your child disagrees with you politically, does not want to join your religion, or has a different taste in music, that's perfectly fine - it's not your place as a parent to force them into certain viewpoints.

Re:As a parent

[Trepidity]

His house, his rules. When she attains the
age of majority, and is capable of supporting
herself, then and only then can she expect that
level or privacy. At that point, it will become
her house, her rules.
To put it another way: them's that pays the piper
calls the tune. When you can pay your own way
in the world, that's when you start realizing
freedom.

I'd disagree. The daughter is not capable of supporting herself simply because she is a child. It is not her fault that her father must support her - it is entirely her father's responsibility for having a child, and he must accept that responsibility. Since, supporting the child is a responsibility that comes with having that child, it does not entail any additional rights for the parents - they are not justified in violating their daughter's privacy simply because she does not pay for her own house.

Re:Why is this under 'privacy'?

[kris]

I'm sorry, but when did acccessing the Internet become a 'basic right'?

It did not specifically become a basic right. But since I started this by reporting on the German view on things, I may continue to quote German law. The basic rights of German citizens are written down in the Grundgesetz. The first section of that law is about basic rights, and is specifically protected against alteration - yes, we actually did learn something from the past. Freedom of expression in Germany also includes unhindered access to public information sources:

Jeder hat das Recht, seine Meinung in Wort, Schrift und Bild frei zu äußern und zu verbreiten und sich aus allgemein zugänglichen Quellen ungehindert zu unterrichten.

translated: Everybody has the right to express his or her opinion freely in word, text or images and to inform himself or herself from publicly available sources.

Given the fact that the internet has become a major information source in Germany, publicly accessible information terminals are being installed in public libraries specifically for the purpose of serving article 5, section 1 of the Grundgesetz. They provide the Grundversorgung (basic service). Basic service is seen as necessary in order to make information available to all citizens so that they can exercise his or her citizens rights and make informed choices in elections and participiate in political life.

German Grundgesetz also defines the legal framework from which the derived basic right of Informationelle Selbstbestimmung (informational self-determination? Someone help me translate that) emerged during the 1974 (I believe) great census. The census rule said that citizen rights include the right to be left alone, and defined how intrusive the state can get and what can or can't be done with the data collected by the state. The census rule ultimately forced German legislature to create a privacy protection act and later led to the creation of a common European privacy framework.

This is very different from the US approach, where there is no such general privicacy protection act and framework, but only a collection of case law, some specific laws and a general reliance on self-regulation within the industry.

© Copyright 2000 Kristian Köhntopp

Interesting case

[Zachary+Kessin]

Normaly the FOI act is a good thing to protect the public. However in this case someone used that act or the NH state version thereof to do something troubling. I would like to know exactly what information they are going to filter out of these logs.

I think it may be time to write a few letters, any other NH residents here to join me in that?

The Cure of the ills of Democracy is more Democracy.

Re:What about library records

[Zachary+Kessin]

Go to your library ask them, you will probably find that Library records are much harder to get at due to first ammendment protections. And a lot of libraries don't keep records after you return the book anyway. Just for such reasons. You may be able to find out how many people took out Harry Potter books, but not who.

The Cure of the ills of Democracy is more Democracy.

True, however...

[Millennium]

You can trace back to an account, yes. But you can't trace directly to the user. After all, there's always the stolen password defense (for example). On a publicly-used terminal, there's no way to prove or disprove that conclusively, unless you were to install security cameras and monitor the tapes.

And also, don't forget that logs can be tampered with, if someone has the know-how. Chances are there's at least one person like that in every school, and there's no way to tell who that is short of catching them in the act.
----------

What about library records

[Eponymous+Coward]

Do I need to worry about somebody filing a FOI reqest for library records and finding that I only ever borrow Harry Potter books?

Are all public institution records fair game? (except ones relating to national security)

-ec

That may be comforting in theory

[gelfling]

But contrary to the current fashion proclaiming that paying taxes entitles you to any and all instantaneous and unlimited access to any information, you are in fact, wrong. For if you were correct then you would also be entitled to, nay, guaranteed access to any and all school employees' or any governmental employees' HR records, the detailed accounting of any and all governmental agency or facility, the detailed logs, diaries notes or any other record on anything compiled by any government employee on any subject or matter whatsoever. Unlike some countries, like say Iran or the PRC there actually is an expectation of at least some privacy and the argument that because you personally pay taxes entitles you to having the final say in any and all details about running a government facility is specious. If that were true then you personally should be able to regulate dams, power plants, aircraft carriers and the like. The agument that you personally pay taxes so you personally have to gain a direct benefit is equally specious. Why you ask? Well there are many many things your taxes support that do not and would not expect to personally use. Take prisons for example - you pay for them but you do not expect to have to be incarcerated in one.

You see this is great myth of the Right. That you personally need to give your detailed and instant approval to anything no matter how small the detail in order for the government to be legitimate. The fact is, you're a citizen a part of community and there are going to be things that you personally don't agree with. For anything else to be the case is an excuse for tyranny. I mean logically your taxes dollars went in part to subsidize the last election campaign of someone you probably loathe, fear & detest. Do you want to use the excuse that your tax dollar logically entitles you to ensconce one political party over all others? You have to know that that is not what the Founding Fathers had in mind when they designed the Democratic process. Specifically the intent was not to use the majority to supress all other beliefs. You may argue with that and carp about majority this majority that, to the victor go the spoils and so on but that would be a misreading of the Constitution.

Now to go back to the original question. Yes, you are right when you were going to say that privacy is not guaranteed by the Constitution. Fair enough. I'll give you that when you open your life to any inquiry if you have ever received money that is not a refund of your own payment from any government agency, ever. After all my tax dollars went in part to that benefit you received. I want a complete accounting of what you did with it. That includes any good or service which in any way had any government subsidy or tax credit applied to it at any stage of the process. So for example if you receive a child care tax credit that should entitle me to examine exactly and in excruciating detail what you did with and how you rear your children.

Re:That may be comforting in theory

[bgarcia]

The agument that you personally pay taxes so you personally have to gain a direct benefit is equally specious.

Please re-read. What I said was that a tax-payer has direct interest. I am not saying that this interest automatically translates into a right to access all of that information.

The original post implied that since his kids did not attend public school, that there was no legitimate reason for him to be interested in this information.

Wow, I can't believe that entire novella you wrote was due entirely to this simple misunderstanding!

No not really - first principals first

[gelfling]

One needs to establish legal standing. If one cannot establish direct legal standing then one is free to file an amicus, a 'friend of the court' as it were'. There is no doubt that one could sue for some remedy retroactively because that is why we have affirmative statutes of limitation. OTOH if one can no longer be helped or harmed by either outcome and there is no direct legal remedy to be obtained either way then one would or should have a very hard time proving legal standing. One could sue as a test case but its clear that the motivation for that is political or social, not legal. That is specificallt the point. An interest can derive from a benefit or it can be independent of any benefit or remedy. Either way you still have to establish standing. For example I don't have children in that school district either and don't even live in that state. I would have to establish some standing before being allowed to sue. I may claim that I have standing based on the fact that in some tiny way I helped pay for it but that is a vague and slippery path that no court would willingly pursue.

there is no reason to have privacy in a school.

[garcia]

I am a college student that looks at porn, so I am not biased towards what I am about to say..

If you are in a school setting, using school computers, under no circumstances should you have any privacy. You are in school to get an education not to stare at porn. Yes, all kids in schools are curious, wonderful, do it at home. Porn has no place in schools especially when you should be doing something constructive.

As far as watching what someone is doing while they are on the Internet (snooping telnet sessions, etc) I used SSH, so it didn't much bother me but I feel that if you want to protect your privacy do it at home. School is for learning, not for porn.

partners link (no login required)

[cymen]

http://partners. nyt imes.com/2000/11/10/technology/10CYBERLAW.html

Damn straigh! In Canada, he'd have been sent to ..

[crovira]

We had a case like this a while back.

The person had to have a subpenae to requests records on a specific individual. You can't just request data like that and use coercive force to obtain it.

Tell the guy to do his own marketing research.

Re:Requesting info

[Detritus]

The FOIA is a federal law, applicable to federal agencies. State and local governments are not subject to the law.

Re:sounds like a marketers dream

[arivanov]

That is a brilliant idea.

This means that actually you can make money off your kidz going to college instead of them eating all your money. Good point, wouldn't have thought of this one myself.

Re:Why is this under 'privacy'?

[HeghmoH]

You apparently didn't read your own post. According to you, the only time monitoring is equivalent to denying the right is when the only options are monitored. Public terminals are not the only option for web browsing.

Keeping logs is not an invasion of privacy

[kinkie]

Disclaimer: IANAL, this is all IMHO.

Keeping logs of what's happening isn't by itself an invasion of privacy. Also, it might be requested at a later time that logs be turned in by law enforcement agencies with a court order. The invasion of privacy is in using those logs for whatever reason, and acting because of discoveries from the logs even moreso.

Re:Keeping logs is not an invasion of privacy

[Ray+Yang]

Keeping logs in and of itself is not an invasion of privacy. BUT if you are a public institution, and you know that any John Doe can pop up and demand those logs, what you're doing is enabling massive infringement of user privacy, depending on how specific the logs are (if the logs give which computer accessed what at what time, it only takes some snooping to figure it out -- people fall into regular use patterns).

So to prevent yourself from enabling an invasion of privacy, the best solution would be to keep barebones, informational logs (such as network use statistics).

Re:the good, the bad and the ugly

[YoJ]

Did anybody read the article? The internet policy at the school already says that all communication will be monitored at all times.

Internet Proxy

[matth]

Where a friend of mine goes to school they use a proxy server (which happens to rought through the ISP that I work for) heheh... anyway.. he goes to a public high school. As far as I know though, the proxy server at the ISp doesn't log the URLs anyone goes to. It's basically a Family Friendly type of service, which anyone who subscribes to the ISp for internet access can use. They just put in the proxy settings and then the systme goes through something known as "Bess Proxy" which is a service that available to ISPs from another outside source. I've never used the service, but I've heard it works fairly well. Of course, there is a password to override it, so I assume the students could get around it.
I've heard stories from the person that I know who says that he knows someone who went into the Library at the school, turned off Fortress (the software used to lock down the computer systems)_ and that turned of bess-proxy so he was able to get around to other sites that the school woudl have liked him to not get around to.
Something like, the password for the Library computres was library. If the school really doesn't want kids getting into stuff, then why not make the passwords harder? I know where I went to college a while ago, and had access to some system administration things, the passwords were very eays. Why do school's not choose harder passwords? Do they not care about security?

Re:Internet Proxy

[psergiu]

> Why do school's not choose harder passwords? Do they not care about security?

Why do the U.S. houses have no high fences with electrified barbed wire ? Why doesn't everybody wears a bullet proof vest and a gun ? It's called trust. And U.S. ppl just have too much of this stuff :)

--

Re:Internet Proxy

[fish+waffle]

Something like, the password for the Library computres was library. If the school really doesn't want kids getting into stuff, then why not make the passwords harder? I know where I went to college a while ago, and had access to some system administration things, the passwords were very eays. Why do school's not choose harder passwords? Do they not care about security?

You've stumbled upon the weakest link in the security chain. Doesn't matter how clever the algorithm is, the basic problem is that people are stupid. They simply do not want to memorize passwords, nor invest any effort in creating good ones. Passwords are often one or more of:

• ridiculously obvious
• used extensively (so if you know one, you know them all)
• reused forever
• written down
• based on an obvious algorithm

Of course part of the problem is the solution: cryptic passwords or requiring frequent changes tends to cause people to write them down or use an obvious algorithm since they then have trouble remembering them. Shared passwords have the added problem of having to re-share each time it changes, and the difficulty in trying to communicate uncommon strings (which tends to result in them being written down).
And no, this is not a "trust" issue. People have a similar lackluster security attitude with respect to their bank/credit card PIN numbers, their housekeys, etc.

Re:Internet Proxy

[Suidae]

Because if someone tries to climb over such a fence to rob your house and they hurt themselves, they can sue you and are likely to win.

Re:Doesn't sound right to me

[JatTDB]

The phone company is a company, as in a business. This story is about a school. A public school. The rules are completely different. Right or wrong, that's the way it is.

Log of the whitehouse

[LetterRip]

It would seem that the same law would apply to the logs at the Whitehouse and other major organizations.

If the time spent at such sites is logged as well, then a significant case for wasted tax money can be made.

There will likely be some interesting fall out from this...

LetterRip
Tom M.
TomM@pentstar.com

Re:But where is the legal interest

[bgarcia]

The plaintiff has no direct interest other than a vague legal interest public policy, because, and this is important to understand, his own children are not in the public schools...

First of all, you are wrong. The very first sentence of the article says:

In what could be a landmark decision in the area of online privacy rights, a New Hampshire court granted the father of a public school student the right to obtain Internet usage records of all students who used computers...

Secondly, even if you were correct, I would say that the fact that he is required to pay property taxes to support that school (which he must do even if his own children don't attend that school!) gives him all the direct interest he needs.

Re:IHLF

[wiredog]

I Hit Laughing Fnords

What about other public institutions?

[jburroug]

If I read the article right this guys main claim to the history files is that the school is publicly funded and as a taxpaying citizen he has a right to know, under FOI laws, what exactly the state is doing with his money. So he'll get acess to the browsing history of all the students in the school district. What about other public institutions though? Couldn't some one under the same FOI laws request the broswer histories/proxy logs of every state employee surfing at work? Provided of course any personally identifiable information is removed this also seems like a reasonable request. I'd personally like to know (and publish) the browsing record of say the governors office.

Re:Why is this under 'privacy'?

[radja]

>You do not have a right to privacy, or even an expectation to a right to privacy, in a public place.

yes, you do have a right to privacy, even in public. If I go to a public toilet, I do not expect to be monitored, let alone photographed.
I am not required to identify myself, no matter who asks. And I can do just about anything in public space, as long as I dont violate any other laws (groupsex in yankee stadium would probably be public obscenity..)
And if you take a picture of me reading some mag on a streetcorner (which is not news) I can forbid you from publishing the photo.

Granted, the rights to privacy in full public view are less.. but you still have privacy.

//rdj

Re:Why is this under 'privacy'?

[outlier]

I work at a large state university. A few years ago, as part of a lawsuit against the university, the plaintiff requested and received old email backup tapes through an FOI request.

In response to this threat against the privacy of members of the university community, the university no longer keeps backups of email for more than a couple of weeks.

So, one approach to the possibility of such a request is simply to systematically delete possible offending information as a matter of policy.

At the end of (G. H. W.) Bush's presidency many of the whitehouse hard drives were erased, presumably to prevent information from getting into the wrong hands (arguably for good or bad reasons). The shame is that it is conceivable that such information could be useful to future scholars, and won't be available.

I dunno, this seems different

[Cuthalion]

It seems very different to say to the library "What books have been checked out in the last year and how often?" and "What books did J. Random Patron check out in the last year?". Just like it seems okay for a site to say "information you give us will be sold or given away in aggregate form" but not without that aggregate bit.

If these had any sort of log of who went where, then yes I would agree that this MIGHT be a privacy issue, but I doubt that they even have a good way of getting that information if they wanted.

Re:sounds like a marketers dream

[maraist]

Aren't there laws, similar to child stalking laws, that prevent any institution from targeting children in a certain type of way including polling them? Meaning that, short of publishing these logs on the web, a commercial institution would not be given access (much like a child's school records are not publicly accessible).

It would be trivial to circumvent this of course.. If anyone parent worked for such an organization, they could easily demand the records.

-Michael

Re:Why is this under 'privacy'? Because it IS priv

[lizrd]

So the next step is that I should be able to sue the public libraries to see who has been reading which books.

No, this is a completely different issue. Since people keep insisting on using library records as an example, I'll at least give a correct example. This ruling is equivalent to requiring a library to make public a list of how many times each book has been checked out. It does NOT require, or even permit telling who checked out what books.

As a matter of course libraries do maintain and use a list of which books have and have not been checked out. This is part of the information they use when deciding what new books to buy ("Oh, I see that the books in our computer programming get checked out frequently. We should buy more of those.") and which books to sell at their used book sales ("Hrm. The 1984 edition of the Kelly Blue Book hasn't been checked out for 15 years. We should sell it.").

It is not only the right but also the responsibility of the citizens to ensure that they have proper access to public records. The citizens also have the right and responsibility to ensure that equipment purchased with public funds is being used for its proper purpose. One way of doing this is to enumerate the webpages that are accessed by computers/internet connections purchased at considerable expense with public funds.
_____________

Public Schools Are Child Abuse

[Baldrson]

Why would anyone get upset at something like this "invasion of privacy" by a taxpaying citizen is beyond me. Many parents who send their children to public schools are, in so doing, engaging in a form of child abuse well beyond mere "invasion of privacy". Of course, the same can be said for the use of television as a childcare tool.

" in loco parentis" is the legal doctrine that the school has the responsibilities and privileges of a parent while the student is located in their educational facility. Since the tradition of corporeal discipline is more severe than merely inhibiting a child's supposed "right to privacy" it seems any taxpayer who is concerned about how his money is being spent is compelled to investigate how the public school system is running things.

The real problem is the misguided notion that there are universal standards of childrearing that can be applied across all children without damaging significant minorities of the children. For example, the fact that "spare the rod and spoil the child" is unnecessary for some parents is insufficient to support the presumption of government officials that it is unnecessary for all parents, and that therefore application of state force should remove it not only from the public schools but from the private relationships between parents and their children. Interesting that these same governments can later subject a young man, who has grown up without a strong guiding hand, to a prison system where he is likely to be subjected to all manner of physical abuse, including routine sexual sadism and lethal infections which government officials absolve themselves of responsibility for by blaming it on the behavior of prisoners themselves. 1% of the US population is now in such prisons -- more than any other Western country. How can a government with such a record of abuse of those under its authority dare to interfere in the parenting practices of its citizens?

Application of force to protect children from this fate is more justifiable than is the application of state force to impose univeral rules of child-rearing.

the good, the bad and the ugly

[townmouse]

Good news:
This places a huge administrative burden on public institutions, in NH at least, that monitor individuals' online activities. If they have any sense they'll stop snooping. This is much better than the records being available to the bureaucrats but not to anyone else.

Bad news:
It also places a huge administrative burden on any public institution keeping non-personal logs to manage and secure its network. Libraries etc. may be forced to hire private contractors (who presumably are not affected by this ruling) to run their networks.

Ugly news:
To redact names and other personal information submitted over the web, the staff will have to pore over records which would normally be private. And it's hard to decide whether a piece of information is personal or not: for example, the nickname someone uses on Slashdot may or may not also be their nickname at school. On the other hand, the article suggests that the district will be forced to hand over the entire logs, redacting only the internal usernames and passwords.

I suggest the solution is to rewrite the usage policy to say that communication may be monitored, but only to collect statistical information and to investigate known problems and abuse. That ought to give students the privacy they deserve, and free the district from its onerous obligations.

Bess Proxy logs request letter using FOIA

[x-empt]

This is a letter I wrote today to my local school district regarding their use of the Bess Internet filter (mentioned on other /. stories).

---

Freedom of Information Officer
Network Services
Clark County School District
2832 E Flamingo Rd.
Las Vegas, NV 89121

Re: Freedom of Information Act Request

Dear officer:

Under the Freedom of Information Act (5 U.S.C. 552) I would like to request the following materials from the Clark County School District (CCSD):
1) All documentation regarding the implementation of the Bess web proxy system provided to CCSD by N2H2. Including proxy configuration, network topology after installation, and the reasons for the Bess installation.
2) All access logs that are recorded by the Bess proxy filter. These logs should be provided in digital form, compressed using either ZIP or gzip compression algorithms.
3) Documentation regarding the effectiveness of Bess at blocking Internet sites deemed inappropriate for minors and sites that have been mis-categorized by Bess.

I am aware that I am entitled to make this request under the Freedom of Information Act, and if your agency response is not satisfactory, I am prepared to make an administrative appeal. Please indicate to me the name of the official to whom such an appeal should be addressed.

If my request is denied, I am entitled to know the reasons for denial.

I am aware that while the law allows your agency to withhold specified categories of exempted information, you are required by law to release any segregable portions that are left after the exempted material has been deleted from the data I am seeking.

I also request a waiver of all fees for this request. Disclosure of the requested information to me is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government, and is not in my commercial interest. I am classified as noncommercial news media under the Freedom of Information Act.

Sincerely,

[my name / contact information]

Re:Why is this under 'privacy'?

[f5426]

> Hello? If you access the internet via a public resource such as a school or publid library, then you shouldn't expect much privacy. As stated, these are logged and as such, are public property subject to the FOI act. Seems like a no-brainer.

Uh ? TYhe question is why is the library keeping the logs ? If I walk on the street, for instance, I don't expect a camera somewhere spying everything I do, and then giving that information to anyone. So, yes, this is, IMHO, a privacy issue.

Cheers,

--fred

Re:Why is this under 'privacy'?

[f5426]

> While you may not expect this, the law stated explicitly that in this case you have no legal expectation of privacy on a public street.

This is because we don't live in the same country. In france, AFAIK, this won't be admissible by a court (which is, I beleive, a good thing).

Btw, by saying "I don't expect", I wanted to imply that, while I know there are a lot of camera out there, the chances that I am recorded, that the videtapes are released, and that the information is used is rather slim.

More precisely, I don't fear the public camera because there are not much of them (relatively. I mean that I can resonably expect not beeing tracked every second), because the information is hard to extract, and because the information is hardly avalaible.

My english is f*cked, the keyword in the original sentence was 'a camera somewhere spying *everything* I do'. When surfing on the web, the logs contains *everything*. This is scary. If the real-world cameras were spying *everything* I do, then it would be a huge privacy issue...

Cheers,

--fred

I'd like to see the administrations logs...

[nothng]

If they are going to release the students logs, then I'd also like to see the administrations logs, the school boards logs, and hmmmm the goverment's logs also. I have a feeling that adults in position of authority are going to be more likely to abuse they're internet access than students... of course this is completely a guess so it would be cool if any one has any figures.

Re:As a parent

[nothng]

I totally agree that parents should have access to school records of their children, however I don't think you should have access to records of my children, my neighbor's children, your friend's children etc. If internet records are requested, then I think you should only get your children's access and no one elses. You certainly wouldn't want the whole world accessing you child's cumlative record without consent, I would consider internet logs the same.

Your policy should be to delete!

[imagineer_bob]

I used to work for a major "dotcom" (remember those?).

We were advised by our attorney not to save anything, and that policy worked. After 48 hours, logs were purged, after summary information was collected.

We'd occasionaly get inquiries from the FBI tracking down a case of Internet stalking or child pornography, etc, and we'd just tell them that our our logs get deleted after 48 hours. We'd follow this up with the page copied from our procedure manual.

This satisfied them, and they didn't ask us to change this policy.

There's no good reason to save internet logs for years. It can only hurt you, and never help you. THROW THEM AWAY, folks!

Collective vs. Individual

[NevDull]

If records are being kept with regard to overall usage, then there should not be a problem. Ascertaining profiles of overall usage is something which should be done to determine proper resource allocation.

I think it's similar to some ISPs' policy of not carrying alt.binaries.* on their news servers. If students are killing the lines downloading MP3s, and others are not able to use thomas.loc.gov or the like, then fine. It's not the collection or analysis of data which is a problem, it's how it's acted upon.

-Nev

As a parent

[Capt.+Beyond]

of a teenager, I have a responsibility and a right to know what my daughter is doing at school. If she is ditching school, I want to know. If she is using the public computers to access porn sites, I want to know. You all can cry all you want about 'invasion of privacy', but when it comes down to it, the parent IS responsible for the actions of their kids. If I suspect she is doing drugs in my house, you bet I am going to 'invade her privacy' and go through her drawers.

Re:As a parent

[dohnut]

That's fine, but you don't have a right to know what my kid is doing on a public computer. Just like if you suspect my kid is doing drugs, I'd better not catch you in my house going through their drawers.

Re:As a parent

[Harri]

Two things.

Thing the first: The guy's children are _not at that school_, and he is requesting the log files for all of the children in the school. He does not have responsibility for any of those kids.

Thing the second: You might have the legal right to go through your daughter's drawers. But I'm not convinced that you have the moral right. Why shouldn't she have the same right to privacy as you? I don't believe your "responsibility" for someone's upbringing suddenly gives you the right to go through their personal stuff.

You need to read the article

[jesterzog]

Judge Abramson found that the district could use an inexpensive "write script" to produce a record without revealing confidential information, such as an individual student's name, user name or password, therefore the documents were not exempt.

While I don't agree with releasing this type of information individually or collated, this quote from the article at least goes part of the way. It implies that the court believes individual privacy (such as asking for someone's specific records) is a separate matter.

In short, the father wasn't asking to see anyone's specific access records and he didn't need to. Going by the documented judge's finding, this probably worked in his favour.

===

Hey, don't forget:

[sulli]

"Comments are owned by the Poster." He can do whatever the fsck he wants.

Re:Doesn't sound right to me

[dubious21]

You.....are not smart. Think before you make a post. Telephone = private business. Publice School = Public entity. The telephone company could not give out your information to just anyone. They would have to be legally compelled to do so via warrant or writ.

Silver lining

[Siqnal+11]

It's encouraging to see that the school & district took a stand on this one, even if they lost.

--

Several issues here, but ruling is IMO right

[Masem]

First, some say the guy has no right to be asking for this information as his children now attend private school. Realize, however that this case started two years ago, appearently near the time when the guy transferred his children from the public school system in question to the private schools.

Also note that the judge specifically balanced the privacy of the students *AND* faculty vs the state's right to know law, and said that a program can be used to strip out all identifible information: the guy is only going to get a list of sites that were visited by the school system, so privacy *is* protected. If he wanted to go one step farther and find out who visited whitehouse.com, for example, he would then probably have another court battle to face, and given the expressed interest of the privacy of the students *AND* faculty, he probably wouldn't get it. In any case, all this guy wants is evidence that children visited explicit sites such that he can fight for mandatory filtering.

This is a PUBLIC institution, and therefore was not exempt from the public right-to-know law. Some here appear to be worried that it will extend to ISPs and whatnot. But those are for the most part private institutions, and therefore do not have to respond to public requests like this. The only way such log files will be revealed to third parties is if they are subpena'd.

Some are trying to compare a real world example, and the best way to think of this result is that if I wanted information from a public library on it's lending records, all I can expect as a public citizen is a list of books and how many times they were checked out. I would not expect to be able to trace back who borrowed a specific book without further legal action.

This does create an instresting situation for those in public colleges however. Yes, I would expect that a similar challenge on log files will give a similar result (only getting the list of sites, not names and such), but this is college, and I would expect to see a more diverse list. May be something to watch for.

And there is a good point on pg 2 of the Times version: if this decision is held throughout it challenge, then groups like Peacefire can easily get infomation on real-world lists of sites that were blocked if filters become mandated, and thus fight for removing such filters or emphasizing more public input into better filters.

Re:That's where it starts...

[Masem]

The lists that the guy will be given will be stripped of any identity or specific machine. Remember, the computer network was also used by staff and faculty, so the rights of adults are at stake here as well. The judge specifically mentioned the balance between privacy and right-to-know laws.

Re:But where is the legal interest

[Masem]

The challenge for the records started in 1998, while his kids were still at the public school system. He withdraw his children and moved them to the public school system apparently when he couldn't get the records and started the legal battle. I believe that he does have sufficent interest in the matter (if he had those logs from day 1, would he have withdrawn the children and spent the money on private school?)

Is this really an invasion...

[Millennium]

I'm not so sure this is an invasion of privacy. The reason: although you can trace access back to a terminal, you cannot reliably trace it to a user. In other words, it can be found that someone accessed www.1337pr0n.com at such-and-such time, but it cannot find who that was.

Mind you, I don't want this kind of thing getting into the hands of bookburners, as would be the case here. But I'm not sure there's anything illegal about his request.
----------

Re:IHLF

[tiny69]

If this information can be used obtained through FOI, then I expect lawyers will start requesting this information more often. I fear this information will be used in smear campaigns for no other reason than to dicredit the individual.

Lawyer in court: On this day, [insert date], you downloaded 150 pictures from www.kinkysex.com ...

A related story: Traffic cameras

[weave]

DelDOT has traffic cameras all over the state of Delaware. Once while checking out the traffic on I-95 I saw the camera zoomed in on an accident scene. I asked a friend in DelDOT if they recorded the video camera images. He said the absolutely DO NOT do this. One can't subpoena something that doesn't exist nor ever existed.

There's a lesson I learned from that.

What are your current backup tape retention policies? Do you just keep a few generations or do you stash long-term archival copies somewhere? If so, for what purpose? Will they come back to haunt you, your users, YOUR COMPANY, later?

The problem here is that seldom are there laws or regs saying stuff must be recorded, backed up, etc. But if they happen to have been, then they are open game for subpoenas and if applicable FOI requests.

Uhh, one other point!

[Jason+W]

I can't believe no-one has mentioned this yet. The school is required to remove the username/passwords from the logs files, right? This usually means writting a quick regex based script to filter out the first two columns or something similar. But what about logins/passwords for other sites? Or just explitive URLs? Here are some examples:

• http://slashdot.org/users.pl?op=userinfo&nick=Ja son+W - Shows that I probably use the nick Jason+W on Slashdot
• http://slashdot.org/comments.pl?sid=00%2F11%2F10 %2F1311205&cid=&pid=0&am p;am p;startat=&thresho ld=2&mode=nested&commentsort=3&op=Reply - Shows that I posted this comment, with 100% accuracy using time stamps
• http://slashdot.org/index.pl?op=userlogin&upassw d=somepassword&unickname =Jason%20W - Shows both my username and password

These are just a few of the possible URLs. Also remember that POST and GET requests are logged too, so even if it doesn't show up in the URL, its still logged. It would not be hard at all to imagine someone collecting all of the records from around the country and doing a quick search to find where a particular "username" lives. Sure, not everyone is a student, but the internet is ATM mostly kids.

Me? I use an HTTPS proxy to encrypt everything I send, so I'm ok. But most students have no way of knowing such a thing exists, and recreational browsing at schools is a must in today's society.

Re:Why is this under 'privacy'?

[DoomHaven]

Not only that but from reading the article:

"a record without revealing confidential information, such as an individual student's name, user name or password"

So, only the internet addresses (whether they be DNS or IP addresses) were given, not userids, passwords, or, most importantly, real names.

Unless, of course, the script produces also the client IP of each computer and the time of request, and the parent has some way/document of matching J. Random Student to J. Random Computer at a given time. Unless he has these three pieces of information, that information he received is not very useful in regards to tracking students.

If I were that school, this is how I would give him the data: I would give him a list of only each place the student, by IP address only. Thus, he would have a huge listing of:

143.23.145.165
135.204.65.1
208.123.5.143

etc, etc. It's that the bare minimum they have to comply? Or, even better, hex encode it, and give it to him as:

1A.0B.AA.F8
5B.CA.64.03

etc, etc. I mean, that is a completely valid method of writing IP addresses down.

I mean, true, now the school *has* to comply. Doesn't mean that they have to make it easy.

Cool!

[Greyfox]

Maybe I could obtain the White House browsing records using the same strategy. I could use some new porn sites...

I wonder... if it's mandated that schools and libraries use a censorware product, could you demand the list of sites the product bans under the same act?

Re:Why is this under 'privacy'?

[Fjord]

If I walk on the street, for instance, I don't expect a camera somewhere spying everything I do, and then giving that information to anyone. So, yes, this is, IMHO, a privacy issue.

While you may not expect this, the law stated explicitly that in this case you have no legal expectation of privacy on a public street. Thus, if you are videotaped or audio recorded by police doing an illegal activity, it is admissable as evidence in court. This even extends to private property for public use (like a mall, or a restaurant). However, in your home, police must have a judge sign off on the taping for it to be admissable evidence.

IANAL

Intelligent decision making?

[marshall11]

I hope posters are using the free link to actually read the article before firing off their posts.

Call me foolish, but I am not as upset after reading about the ruling of the judge. By ruling that identifying information about users be removed from the logs before they are turned over, he's protecting personal privacy and obeying the FOI Act.

When this father's crusade is said and done, I belive he's going to find nothing that justifies his censorware. In fact, he's probably going to create another problem. He's going to find some consistant evening or early morning "dirty" surfing going on - there's going to be a scandal over which faculty member or administrator (or stupid sysadmin who forgot to remove that from the logs) visits the sites and the censorware will be forgotten or the shouts of "family values!"

Someone else will step forward with information about how screwed up filtering software is (not only ethically, but even under it's own standards, by blocking political or inocuous info). And maybe, just maybe, enough people will admit that they too, have surfed for porn, and that maybe this is all ridiculous.

I'm not pushing a transparency critique here, I'm just acknowledging that once some info escapes through a crack in the dam, it's only a matter of time before it breaks and intelligent and relevant decisions can be made.

Besides this is Vermont. We get this guy some Ben and Jerry's and we'll have no problem!

IHLF

[joto]

Internet History Log Files. Is this a common abbreviation, or is it just that lawyers speak that way.

I think we are forgetting something

[Lostman]

I am wondering if the logs in question include the "webpage" they loaded. What I mean is www.somepage.com/index.html instead of www.somepage.com. If it does include the page, then this could be a much greater invasion of privacy than many believe.

You could be able to find what students are searching for (because it is included in the URL of search engines), possible find out who the kids are (username for sites that send with URL), and intercept "private" messages that COULD be sent over the URL.

Has anyone heard whether or not the logs include the page they viewed?

Re:Why is this under 'privacy'?

[ScuzzMonkey]

Obviously not a sysadmin... I log everything I can get my hands on and it's priceless for troubleshooting. I don't expect that whoever is running the school's network is any different, public entity or not.

I think that we're fighting the wrong fight here. If the technology exists to collect such information, it will be used, and it will be susceptible to abuse. That's pretty clear from the history of technology. The only question will be, who gets to abuse it? By fighting for less disclosure, we are essentially tying our own hands when we have need to root out abuses by those in power.

David Brin makes this issue his central argument in "The Transparent Society" which was published a couple of years ago. It's a must read for anyone interested in privacy issues, IMHO, just to get an out-of-the-box take on the problems. What he says, essentially, is that the more you attempt to lock down information, the more susceptible it is to undetected abuse by those who do control it. And with data collection technologies becoming less and less obtrusive, soon there will be no way to know that it's happening at all--unless we can create a meme that will call for _more_ disclosure, not less. The solution is not to try to lock away public (or in some cases even private) records, but to make them more accessible to everyone. In essence, what he says is that it's more valuable to open everything up to everyone (providing a sort of check and balance environment) than it is to restrict knowledge to a few who may abuse it with impunity, protected by those same privacy laws. He does not state, but I believe that it is implied, that we really only have a brief window of time to accomplish this, before we lock things down to such an extent that recovering such freedoms becomes problematic.

Not everyone will buy this--I'm not sure I do completely--but it's certainly worth considering the un-intended consequences of reactionary calls for secrecy.

Re:Requesting info

[cube+farmer]

Start with the school district office (not the school site office, necessarily -- they probably won't have a clue what you're talking about). Generally, one person at the district office is in charge of public relations/public information. That person may be the superintendent or the responsibility may lie (pun intended) with a director of public relations or some similar title.

Tell your contact you want to make a request for public records under the Freedom of Information Act (FOIA). There may be paperwork and a fee for document reproduction involved, which will vary from district to district. Depending on the district, your liaison will contact the appropriate staff person to obtain the logs, or may refer you to her directly.

If the district resists your request, you now have precedent (at least in New Hampshire) in your favor. Have a good time!

Re:Why is this under 'privacy'?

[kris]

I like his argument, but his .sig really
pisses me off. Slashdot's forum is a public
place. Anything you say here can be quoted
as if you yelled it on the streets of Miami.
That is the result of public expression.

Quoting, or more properly, citation, is covered under fair use. Look it up at Brad Templeton's site: Myth 4, third paragraph:

Fair use is almost always a short excerpt and almost always attributed. (One should not use more of the work than is necessary to make the commentary). It should not harm the commercial value of the work -- in the sense of people no longer needing to buy it (which is another reason why reproduction of the entire work is generally forbidden.)

Also, by simple act of posting my comments here on Slashdot, I obviously implicitly allow copying of my content for the purpose of conducting a discussion on Slashdot. This includes viewing, printing, quoting, and all other uses necessary to have a discussion here on this site. Copyright law explicitly protects such uses.

Use of my text outside of Slashdot, for example in a book published by Andover, or on a Best Of Slashdot CD-ROM, or in other places or for purposes other than discussion here on Slashdot requires a license. That is, I have to explicitly grant you the right to use my words.

Copyright does not cover names, trademark law does that.

Copyright does not cover ideas, patent law does that.

So if you like what I write, but I would not grant you a license to use my words, you could always phrase the ideas I convey in your own words, or express them differently (i.e. using no words at all). That should be differently enough in order not to qualify as a derived work, though.

And finally, when asked, I usually grant the license to use my words for free - completely, unaltered and with correct attribution as well as a pointer to my homepage. I do like to get 1-3 free reference exemplars of printed matter, and pointers to the sites where my words are hosted. Also, I will not grant license to use my words for free, if you sell them. If you make a living by selling my words and my works, I demand a sensible share of that money.

If you want to read my words, and my works, please go to my homepage. You find it at http://www.koehntopp.de/kris. I keep freely accessible online copies of everything I have written and deemed useful, whether sold or not. I make my contracts in such ways that I can maintain this website with my works so that you can access all my published articles and USENET posts as well as my open source projects.

Copyright law may be not an ideal solution, and may be an annoyance sometimes. But there is (or at least was at some point in time) reason behind it and used sensibly and nonoffensively, it can be actually useful to protect the interests of the public as well as the interests of the author. Just try to think, and use Google, before you flame.

© Copyright 2000 Kristian Köhntopp

That's where it starts...

[crovira]

What if somebody went to the public library and asked to see your reading lists?

Just because someone hasn't reached the age of majority doesn't give anyone the right to traipse through records stripping them of any dignity or privacy.

The next argument will be: Well why should we stop just because they've reached the age of majority?

If its not tied to an individual person, what's the point? The school can also run the list through the IP filter to remove all traces of "unapproved sites" which might have been hit by who knows who?

Major snoops and people who are that invasive about information use should be deprived from it for the very reason that the asked for it!

Requesting info

[evanbd]

OK, I would like to request info. What's the procedure? My high school engages in a (relatively effective -- they are very fast at changeing based on student input) censorware package. I would like to request the log files not to particularly do anything with them, simply to make it widely known that they are public. what is the procedure? I think this might have an effect on both the students and staff. Thanks in advance.

Why is this under 'privacy'?

[w.p.richardson]

Hello? If you access the internet via a public resource such as a school or publid library, then you shouldn't expect much privacy. As stated, these are logged and as such, are public property subject to the FOI act. Seems like a no-brainer.

Re:Why is this under 'privacy'?

[billybob2001]

I don't expect a camera somewhere spying everything I do

Nobody expects the Spanish Inquisition!

Try looking up a bit more often. You're going to be shocked at how often you are on camera these days.

Re:Why is this under 'privacy'?

[kris]

I cannot tell you why you should expect privacy in the US when accessing the net via public ressources, but I can tell you why you should expect such privacy in Germany.

In Germany, the supreme court has ruled that if a basic right can only be excercised in a way that the person exercising this right would feel monitored, threatened or otherwise limited while exercising that particular basic right in such a way that that person may decide not to exercise that basic right at all, then this is identical to an illegal takeway of such a basic right and therefore illegal.

In the above library scenario that would mean: If you are using a public information terminal to exercise your right as an adult to browse arbitrary information sources and you must fear that your browsing history is being monitored and may perhaps be used against you, than this would be an illecal takeway of your basic right to free and unhindered access to public information. It may be okay or even necessary to monitor the internet connection of minors (judges are still out on this issue in Germany), but it is clear illegal to do such a thing on a public terminal when an adult is using that terminal.
© Copyright 2000 Kristian Köhntopp

But where is the legal interest

[gelfling]

The plaintiff has no direct interest other than a vague legal interest public policy, because, and this is important to understand, his own children are not in the public schools, are not the subject of this inquiry. The articles state that the plaintiffs own children are enrolled in PRIVATE school which specifically is immune from a legal challenge like this. So turnabout in this case is NOT fair play. We could not for example have the access records for his children made public because they are enrolled in private school and it is not a public policy issue.

So in the end this where law and public policy are mismatched to the Net? Why you ask? Well in this case it's not much different that protesting outside of a family planning clinic. the law states that protests have to be a certain distance from the front door so that people going are not only physically prohibited but also that they are not subject to undue emotional stress, verbal abuse, etc. In the case here there is no physical separation so what we have in effect is a protest or vigil that has a chilling effect on using a facility without the protection from figuratively blocking the door.

So the question you have to ask yourself is, is this challenge really about filtering software or is this challenge about using the facility at all. It would be interesting from a legal perspective to see whether this gentleman could be successfully prosecuted if he ever published and identifiable information on minors who access the Net. That is, let's say he is collecting this information in order to pressure the school or the students by publishing the names or addresses of sites they visit. If he refers to any identifaible attribute of a minors access, say, first initial last name could he be prosecuted under a law that bars divulging any information about minors without their guardians' consent?

sounds like a marketers dream

[smaring]

Wow. Free internet usage stats on a very specific and impressionable demographic. Advertisers are going to eat this up.