MIT Tracking Campus Net Connections Since 1999

An anonymous reader writes "MIT has been monitoring student internet connections for the past decade without telling them. There is no official policy and no student input." The Tech article says, though, that the record keeping is fairly limited in its scope (connection information is collected, but not the data transferred) and duration (three days, for on-campus connections).

Routine monitoring nothing to worry about

[fluffy99]

I'd be very surprised to find a college or ISP that didn't monitor their network in this fashion. Looks like maybe they are keeping DHCP, transparent proxy, and network statistics. Plus they are doing intrusion detection and looking for malicious activity. The good news is that they are not keeping these records long term, but only for a reasonable amount of time. If they are having a problem or suspicious activity then they probably keep it longer. Face it, your internet activities are NOT anonymous no matter how much you'd like it pretend that it is.

I can see the argument that you could in theory back out the web surfing history of a particular mac address.

These are things any self-respecting network should be doing. The issue here is students not realizing that some monitoring and logging is done. I'm willing to bet that consent to monitoring is referenced in an agreement that the students signed, but that the details of the monitoring are not spelled out.

At my work, users sign agreements on acceptable use and consent to monitoring. I only dig into the logs if there is a problem, the IDS flagged something, or an accusation is made. Sometimes the logs prove innocence, btw.

Misleading Headline

[Decado]

Seriously, they keep the records for 3 days for most traffic and 30 days for anomolous traffic which might indicate a threat to the network. Most networks I have seen keep data for far longer just because nobody ever bothers to clean out the logs.

The fact that they have a policy for cleaning the logs puts them streets ahead of the most network admins and yet they are being portrayed as the bad guys here.

Storm in a teacup if I have ever seen one.

Breaking News: MIT Runs a Network for Students!

[carlzum]

This is Quentin Smith reporting live from the Massachusetts Institute of Technology. News agencies are reporting that MIT has been keeping records of network activity. It's a practice called "logging" by hackers, crackers, and other computer deviants. Using nefarious software techniques, "loggers" can identify and disrupt innocent users' botnets.

Individuals with limited knowledge of computers like MIT students are particularly susceptible to these types of attacks. To combat these "loggers," experts suggest disabling firewalls and updating account information if you receive an email from your bank.

Three days...

[Chris+Snook]

...is just enough time to figure out:

a) where the bomb threat came from.
b) which building the suicidal student needs to get talked down from.
c) who impersonated the professor to cancel an assignment.
d) how a lab router ended up sniffing for passwords.

All of these things happened while I was in campus IT, but I never heard about an RIAA/MPAA complaint about something that happened less than two weeks prior, so this really doesn't look like undue outside influence to invade student privacy. It's just responsible network management.