Slashdot Mirror

← Back to Stories (view on slashdot.org)

MIT Tracking Campus Net Connections Since 1999

Posted by timothy on from the why-assume-otherwise? dept.

An anonymous reader writes "MIT has been monitoring student internet connections for the past decade without telling them. There is no official policy and no student input." The Tech article says, though, that the record keeping is fairly limited in its scope (connection information is collected, but not the data transferred) and duration (three days, for on-campus connections).

17 of 125 comments (clear)

  1. What school doesn't? by Anonymous Coward · · Score: 2, Insightful

    At our university, the lawyers would have a fit if we weren't.

  2. Routine monitoring nothing to worry about by fluffy99 · · Score: 5, Insightful

    I'd be very surprised to find a college or ISP that didn't monitor their network in this fashion. Looks like maybe they are keeping DHCP, transparent proxy, and network statistics. Plus they are doing intrusion detection and looking for malicious activity. The good news is that they are not keeping these records long term, but only for a reasonable amount of time. If they are having a problem or suspicious activity then they probably keep it longer. Face it, your internet activities are NOT anonymous no matter how much you'd like it pretend that it is.

    I can see the argument that you could in theory back out the web surfing history of a particular mac address.

    These are things any self-respecting network should be doing. The issue here is students not realizing that some monitoring and logging is done. I'm willing to bet that consent to monitoring is referenced in an agreement that the students signed, but that the details of the monitoring are not spelled out.

    At my work, users sign agreements on acceptable use and consent to monitoring. I only dig into the logs if there is a problem, the IDS flagged something, or an accusation is made. Sometimes the logs prove innocence, btw.

    1. Re:Routine monitoring nothing to worry about by fluffy99 · · Score: 2, Insightful

      Except we have governments actively trying to thwart the notion of privacy with calls like "think of the children" and the "war on terror". We've had data retention laws, illict wiretapping, internet traffic monitoring, etc. Do you honestly think that if someone comes up with a magic solution that the govt won't label it a security threat and somehow ban its use? Or automatically assume it's use involves illegal activities? We already see that with bittorrent.

  3. The problems of not having a policy... by KibibyteBrain · · Score: 3, Insightful

    Part of the problem with this sort of thing is, with no policy, where do reasonable expectations of privacy for using someone's pipe they've offered you access to begin and end? In general, with no privacy policy, there is no expectation of privacy, unfortunately.

  4. whenever we have a story about data retention by circletimessquare · · Score: 4, Insightful

    or the feds snooping, i am really frankly surprised

    you actually want to depend upon the federal government for your security?

    you want to depend upon some school, some cable company, some phone company not to snoop on you?

    whenever i'm encountered by this strange slashdot groupthink, i really have only one thing to offer: if you put it on a wire, if its outside your control, then the security or privacy of whatever you are doing is nothing you should count on

    the outrage seems artifical, contrived, illogical, exasperating

    if you want security, if you want privacy DON'T PUT IT ON A WIRE OUTSIDE YOUR CONTROL

    beginning and ending of discussion

    as if you actually want ot TRUST some other entity to do your security work for you?

    hey, how about this: YOU are responsible for your security

    you, and you alone

    is my pov really that strange?

    it seems odd anyone should consider it any other way

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:whenever we have a story about data retention by Man+On+Pink+Corner · · Score: 3, Insightful

      hey, how about this: YOU are responsible for your security
      you, and you alone

      Except where private ownership of firearms is concerned, though, right?

      At least that's the impression I've gotten from your last 5 years' worth of posts on K5.

  5. Re:so its ok i put a camera in your car? by sunami · · Score: 4, Insightful

    The University provides Network access to the students. You do not provide him access to his car. Pick a better metaphor.

  6. Misleading Headline by Decado · · Score: 5, Insightful

    Seriously, they keep the records for 3 days for most traffic and 30 days for anomolous traffic which might indicate a threat to the network. Most networks I have seen keep data for far longer just because nobody ever bothers to clean out the logs.

    The fact that they have a policy for cleaning the logs puts them streets ahead of the most network admins and yet they are being portrayed as the bad guys here.

    Storm in a teacup if I have ever seen one.

    --

    Slashdot: Proof that a million monkeys at a million typewriters can create a masterpiece

  7. I think we need to start tracking... by Anonymous Coward · · Score: 1, Insightful

    ...when you are going to finsh that fucking movie.

  8. Re:private ownership of firearms by phantomfive · · Score: 4, Insightful

    In other words you are afraid of people with guns. I once got punched in the face, standing at a bus stop. It was terrifying. And yet I don't go around asking that all fists be taken off the streets.

    The world we live in is a dangerous place. I could have just as easily been stabbed, or pushed in front of a train. The sooner you learn to deal with the inherent dangerousness of life, the happier you will be.

    --
    Qxe4
  9. Re:so its ok i put a camera in your car? by thePowerOfGrayskull · · Score: 1, Insightful

    What? Stop with the stupid card analogies. They don't apply here. Let's come up with a better analogy.

    It's like... a service provider. Who provides a service. And that service provider monitors the health and usage of their service. And if you don't use their service, it doesn't affect you; while if you do use it, it does.

    There. Was that so hard?

  10. Re:3 articles down, California takes DNA on arrest by rtb61 · · Score: 2, Insightful

    What is much more interesting about this article, is not so much what MIT are doing with regard to typical network function monitoring, rather than data recording and individually targeted analysis, it is the way people are reacting. There has been a major shift in the general public view of digital privacy and the wild wild west days of invading the privacy of people, psychologically analysing them and personally targeting them with adds to manipulate their choices, is no longer considered acceptable.

    So a real push to regaining the privacy of your digital connections, even minor perceived invasions of privacy are now being publicly exposed, derided and demands are being made to eliminate them. Emails as postcards really distasteful and way over the top, privacy invasive social networking sites only use them to create a publicly acceptable facade not for your private life, search recoding and analysis pretty sick and reaching end of acceptable life, complete network monitoring and interpretive analysis over the long term without full legal oversight via the courts will only create a very very angry populace.

    It has been really interesting to watch the various changes in a developing industry, things that were once accepted are now considered unacceptable and, some peripheral lessons learned about necessary legislation to control the excesses of avaricious egomaniacal corporate executives will be taken from the financial sector and forcefully applied to the digital sector, expecting some sort of moral limits from corporations is really naive and demonstrably foolish.

    --
    Chaos - everything, everywhere, everywhen
  11. Re:3 articles down, California takes DNA on arrest by thePowerOfGrayskull · · Score: 2, Insightful

    hile it's wrong that they store the data without telling the users, and while users should have better expectations of privacy, you have to look at this in context

    No, back up. Why is it wrong? THey own the network. They are responsible for the health and maintenance of that network; and further they are responsible for the things people /do/ on that network to some extent.

    I agree with looking at this in context/with perspective, but I don't see how what they're doing is in any way wrong.

  12. Re:private ownership of firearms by Bobby+Mahoney · · Score: 2, Insightful
    Please, enough with your right to live, and your childish fear of guns. Cars kill more people than guns adjusted any way you like. One percent of one percent of deaths are gun related. How is this a credible threat to your "right to live"? The only answer is "It is not", contrary to what movies, television, and govt.'dependency-mongers' would have you believe.

    And fascists don't come out of the 'right-wing-small-government-yokel-in-the-woods' fray. It requires a Socialist leader (Hitler, Mussolini) to create a fascist state: You have to tie industry and finance to the government under the guise of rescuing or improving the plight of the working class. Hey, wait a minute!-

    --
    !#&*
  13. Three days... by Chris+Snook · · Score: 5, Insightful

    ...is just enough time to figure out:

    a) where the bomb threat came from.
    b) which building the suicidal student needs to get talked down from.
    c) who impersonated the professor to cancel an assignment.
    d) how a lab router ended up sniffing for passwords.

    All of these things happened while I was in campus IT, but I never heard about an RIAA/MPAA complaint about something that happened less than two weeks prior, so this really doesn't look like undue outside influence to invade student privacy. It's just responsible network management.

    --
    There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
  14. Re:hey lets give everyone plutonium by Anonymous Coward · · Score: 2, Insightful

    More to the point, if I were in a position to obtain a stash of plutonium, I don't think I'd be very concerned with whatever plutonium-control laws the rest of society might see fit to pass.

    I would be no more interested in plutonium-control laws, than criminals are interested in gun-control laws.

  15. Re:private ownership of firearms by Grym · · Score: 2, Insightful

    The more guns there are in a society the more intentional homicides, be it Somalia, USA, or Switzerland (three of the countries with the highest rates of gun violence and homicide anywhere in the world).

    So, what's your solution then? A gun prohibition? I suspect that will work about as well as Alcohol Prohibition or the "War on Drugs", which is to say not at all.

    The current arrangement in no way perfect. But there's no way to prove that a divisive campaign to rid the public of its arms wouldn't be worse. And even IF there are less bodies in the end, at some point one needs to consider how the people live rather than how many die. Being servants of the state or victims of the largest, meanest group aren't exactly desirable outcomes. And what about the will of the people? If the majority of voters see a place for firearms in private hands, why should they be denied that in a Democratic country? Because you know better? For their own good? Such is the mindset of an oligarch, an authoritarian.

    -Grym