Slashdot Mirror

← Back to Stories (view on slashdot.org)

MIT Tracking Campus Net Connections Since 1999

Posted by timothy on from the why-assume-otherwise? dept.

An anonymous reader writes "MIT has been monitoring student internet connections for the past decade without telling them. There is no official policy and no student input." The Tech article says, though, that the record keeping is fairly limited in its scope (connection information is collected, but not the data transferred) and duration (three days, for on-campus connections).

12 of 125 comments (clear)

  1. Routine monitoring nothing to worry about by fluffy99 · · Score: 5, Insightful

    I'd be very surprised to find a college or ISP that didn't monitor their network in this fashion. Looks like maybe they are keeping DHCP, transparent proxy, and network statistics. Plus they are doing intrusion detection and looking for malicious activity. The good news is that they are not keeping these records long term, but only for a reasonable amount of time. If they are having a problem or suspicious activity then they probably keep it longer. Face it, your internet activities are NOT anonymous no matter how much you'd like it pretend that it is.

    I can see the argument that you could in theory back out the web surfing history of a particular mac address.

    These are things any self-respecting network should be doing. The issue here is students not realizing that some monitoring and logging is done. I'm willing to bet that consent to monitoring is referenced in an agreement that the students signed, but that the details of the monitoring are not spelled out.

    At my work, users sign agreements on acceptable use and consent to monitoring. I only dig into the logs if there is a problem, the IDS flagged something, or an accusation is made. Sometimes the logs prove innocence, btw.

    1. Re:Routine monitoring nothing to worry about by QuantumRiff · · Score: 3, Interesting

      I used to work at a small college.. We'd have bandwidth problems, I'd check the logs (ntop is very handy for this) and then look up the IP/MAC. Trace it to the nearest access point, walk into the cafeteria, see two students with laptops out. One of them, sitting far back in the corner so nobody could see their screen..

      It would scare the shit out of them when I'd walk up to them and just stay "please stop, or I will have to disable your access until you talk to the director of IT about our acceptable use policy" They could never quite figure out how I knew it was them..

      --

      What are we going to do tonight Brain?
  2. The problems of not having a policy... by KibibyteBrain · · Score: 3, Insightful

    Part of the problem with this sort of thing is, with no policy, where do reasonable expectations of privacy for using someone's pipe they've offered you access to begin and end? In general, with no privacy policy, there is no expectation of privacy, unfortunately.

  3. whenever we have a story about data retention by circletimessquare · · Score: 4, Insightful

    or the feds snooping, i am really frankly surprised

    you actually want to depend upon the federal government for your security?

    you want to depend upon some school, some cable company, some phone company not to snoop on you?

    whenever i'm encountered by this strange slashdot groupthink, i really have only one thing to offer: if you put it on a wire, if its outside your control, then the security or privacy of whatever you are doing is nothing you should count on

    the outrage seems artifical, contrived, illogical, exasperating

    if you want security, if you want privacy DON'T PUT IT ON A WIRE OUTSIDE YOUR CONTROL

    beginning and ending of discussion

    as if you actually want ot TRUST some other entity to do your security work for you?

    hey, how about this: YOU are responsible for your security

    you, and you alone

    is my pov really that strange?

    it seems odd anyone should consider it any other way

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:whenever we have a story about data retention by Man+On+Pink+Corner · · Score: 3, Insightful

      hey, how about this: YOU are responsible for your security
      you, and you alone

      Except where private ownership of firearms is concerned, though, right?

      At least that's the impression I've gotten from your last 5 years' worth of posts on K5.

  4. Re:so its ok i put a camera in your car? by sunami · · Score: 4, Insightful

    The University provides Network access to the students. You do not provide him access to his car. Pick a better metaphor.

  5. ZOMG! by Anonymous Coward · · Score: 4, Funny

    IT Professionals, working for major Universities, monitor network traffic?

    No. Fucking. Way.

  6. Misleading Headline by Decado · · Score: 5, Insightful

    Seriously, they keep the records for 3 days for most traffic and 30 days for anomolous traffic which might indicate a threat to the network. Most networks I have seen keep data for far longer just because nobody ever bothers to clean out the logs.

    The fact that they have a policy for cleaning the logs puts them streets ahead of the most network admins and yet they are being portrayed as the bad guys here.

    Storm in a teacup if I have ever seen one.

    --

    Slashdot: Proof that a million monkeys at a million typewriters can create a masterpiece

  7. Breaking News: MIT Runs a Network for Students! by carlzum · · Score: 5, Funny

    This is Quentin Smith reporting live from the Massachusetts Institute of Technology. News agencies are reporting that MIT has been keeping records of network activity. It's a practice called "logging" by hackers, crackers, and other computer deviants. Using nefarious software techniques, "loggers" can identify and disrupt innocent users' botnets.

    Individuals with limited knowledge of computers like MIT students are particularly susceptible to these types of attacks. To combat these "loggers," experts suggest disabling firewalls and updating account information if you receive an email from your bank.

  8. Re:private ownership of firearms by phantomfive · · Score: 4, Insightful

    In other words you are afraid of people with guns. I once got punched in the face, standing at a bus stop. It was terrifying. And yet I don't go around asking that all fists be taken off the streets.

    The world we live in is a dangerous place. I could have just as easily been stabbed, or pushed in front of a train. The sooner you learn to deal with the inherent dangerousness of life, the happier you will be.

    --
    Qxe4
  9. Re:so its ok i put a camera in your car? by BorgCopyeditor · · Score: 4, Funny

    Instead of trying ignoring it or steering the subject back to what's actually being discussed

    Ach! I know, I know, they put the pedal to the metal and just keep rolling and won't put the brakes on and finally literally drive the thread into the ground!

    --
    Shop as usual. And avoid panic buying.
  10. Three days... by Chris+Snook · · Score: 5, Insightful

    ...is just enough time to figure out:

    a) where the bomb threat came from.
    b) which building the suicidal student needs to get talked down from.
    c) who impersonated the professor to cancel an assignment.
    d) how a lab router ended up sniffing for passwords.

    All of these things happened while I was in campus IT, but I never heard about an RIAA/MPAA complaint about something that happened less than two weeks prior, so this really doesn't look like undue outside influence to invade student privacy. It's just responsible network management.

    --
    There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.