http://www.nwfusion.com/news/2004/0803patriot.html

By John Cox
Network World Fusion
08/03/04

Nearly three years after its enactment, the USA Patriot Act remains not just a political but also a technological issue on many college campuses.

Unprepared or ill-prepared schools can find themselves facing network problems, service disruptions, and in the worst case FBI agents driving onto the campus with subpoenas to haul off PCs, servers, and computer log data.

IT groups can minimize the potential disruptions of Patriot Act investigations by taking the lead on campus to pull together legal counsel, administration, and faculty to craft a clear process for handling investigations that will become more common, says Peter Siegel, CIO at University of Illinois at Urbana Champaign.

Siegel spoke this week at the annual conference of the Association for Communications Technology Professionals in Higher Education (ACUTA) meeting in Chicago.

"The status of dealing with the Patriot Act in higher education is very mixed," Siegel said. "Some people say, 'What does this have to do with IT?' Others say, 'We have [network] security professionals who work closely with law enforcement agencies.' There's not much in between, where you find people just ramping up [to deal with the Act]. For one thing, it's very hard to get people to share information about this."

Siegel pointed out to his audience that while the Patriot Act is new, it doesn't actually introduce new legal instruments or actions. "Every component of the Patriot Act was present in previous law," he said. "But just not often used. Now, it's more likely that a Patriot Act incident will start or end or, especially, go through your campus."

Siegel said the act does, however, lower the bar on judicial oversight on searches and seizures. But oversight is still required: seizing records or doing electronic surveillance requires a subpoena issued by a judge.

"It allows [electronic] searches without requiring the person [under investigation] being notified, for an undefined 'reasonable time,'" he said.

Schools may find themselves drawn into a Patriot Act investigation even if those being investigated are not actually students or employees of the school. The school's network and computers may be hijacked by someone halfway around the world to attack a third location.

"You need a solid policy," Siegel told his audience. "If it's 2 a.m. and your network is being used to attack another university or a private company, who gets called?"

Investigations under the act often require a complete information blackout. IT groups are forbidden to tell the subjects they're being investigated, or even acknowledge that an investigation is under way. One result is that you can't call network colleagues at another school and ask them how they handled a similar event.

Law enforcement agencies may direct IT groups to take certain actions or to not take actions, either of which can lead to network problems. They may be ordered to leave compromised or damaged computers and networks untouched while the investigation is under way.

"This can disrupt work patterns," Siegel warned. "A given subnet could be taken offline or required to stay online… and you can't explain why to the [affected] users."

Investigators could require some network or computer log data to be preserved up to 180 days. But what if part or all of that data is, by IT policy, automatically deleted every 10 days, Siegel asked.

Siegel urged his audience to bring together the campus players, such as legal counsel, appropriate provosts or deans, campus police, and others, who will be involved if any Patriot Act investigation is launched. Hammer out solid policies with clear responsibilities, and good lines of communication.

Identify the personnel who will act as the leaders in an incident and train them in "customer relations" - in working knowledgeably and cooperatively with both the campus community and outside law enforcement.

Cultivate trust and relationships with local police, state investigators, and local FBI offices, Siegel recommends. "If there's a new FBI agent that joins the local office, invite him over for coffee and talk with him," he says.

"The real issues are really not technical, but [about] people. And they are solvable."