http://www.ucsdguardian.org/cgi-bin/features?art=2006_05_30_04

By Andrew Nguyen
Senior Staff Writer
May 31, 2006

Reading your e-mail is usually a private experience between you and the spammer that sent you that ad for the natural Viagra alternative. However, for UCSD students, that experience can be shared with the university administration, too: Even if you delete your e-mail, UCSD administrators can gain access to the ucsd.edu e-mail address provided to each student so long as they are authorized to do so by certain vice chancellors.

With a sophisticated system of backups that allow the retrieval of e-mail even after it's been deleted, Academic Computing Services, the campus department that manages the e-mail system, and UCSD administrators could theoretically go through e-mails looking for instances of students breaking the law or university policy.

What keeps them from doing so is the University of California's electronic communications policy, which focuses on "privacy, confidentiality and security in electronic communications." The policy spells out the circumstances under which a user's e-mail account can be viewed without his or her consent.

At UCSD, the policy requires authorization from Vice Chancellor of Student Affairs Joseph W. Watson or Senior Vice Chancellor of Academic Affairs Marsha A. Chandler in order for an e-mail account to be inspected without the user's consent. The user must be notified of any such inspection.

According to the Annual Reports on Nonconsensual Access to E-mail, between 2000 and 2004, UCSD requested authorization 12 times to access a user's e-mail without consent, and 11 of these requests were approved. In those cases, the reasons cited in the reports were that administrators sought to find out whether the user was breaking a law based on prior evidence, or that there were "time-dependent, critical operational circumstances."

Since users often delete e-mails to avoid running out of space in their mailbox, ACS developed a system that enables the retrieval of mistakenly deleted e-mail. ACS takes "snapshots" of the deleted e-mails at various times throughout the day - no less than twice per day - and can use those "snapshots" to restore e-mails that someone may need. Using a system of multiple hard drives for a seven-terabyte array that is then backed up to tapes, the data go quite a while back. Students or staff members can contact ACS to restore e-mails and, according to ACS Director Tony Wood, they're even used for disputes between faculty and students over grades.

Since UCSD started providing e-mail service in the early 1980s, the number of e-mails that stream through the servers has increased to about 1 million a day. Out of all the messages that come into UCSD's e-mail servers, anywhere from 30 to 50 percent are spam, depending on the user's habits. Five percent of all e-mails contain viruses. Because of this, ACS has servers dedicated to keeping viruses and spam out of users' mailboxes.

The UCSD Internet link isn't an ordinary connection: It's a massive optical pipeline that connects all the campuses of the University of California, as well as Stanford, the University of Southern California, Caltech and other universities. The connection is purchased through the Corporation for Education Network Initiatives in California - of which UCSD is a central backbone - for $160,000 a year, according to Wood, which pays for membership fees and Internet2 access. UCSD also purchases access to the Internet through CENIC measured by bandwidth use, at a cost of an additional $10,000 per month on average. The Internet connection isn't solely paid for by students; the state helps to pay for Internet connections used for more instructional purposes, while students pay for the wireless network, the wired connections in the residential areas and the computer labs.

Once that connection gets to UCSD, according to Wood, it's divided up between 45,000 wired IP addresses, which connect about the same number of computers, and 15,000 monthly wireless users. All of these computers share a connection that has a bandwidth of about 50 megabits per second - in other words, way faster than your connection at home.

With all that bandwidth, users can usually go about their business with no problems. It's only when someone is using a large amount of bandwidth that ACS is alerted. Unusually large uses of bandwidth are almost always caused by hackers attempting to send out spam or viruses, or by the use of peer-to-peer file-sharing software to upload and download large numbers of files. In the former case, ACS will just shut down the connection and repair the computer. The latter case, however, is more complicated.

If a user is using so much bandwidth that it interferes with nearby users' connection, ACS will implement a rate limiter that slows down how much the individual can use at one time. Usage, not content, is monitored and even then only in UCSD residential areas. When it comes to ACS involvement, it's not what you're downloading, it's how much you're downloading.

If ACS receives evidence that a user is committing or has committed a violation of its acceptable use policy, including copyright infringement and violation of federal, state or campus regulation, then it must take action. Usually after a warning for the first violation, ACS stops the connection for a period of time and refers the student to his or her relevant college judicial board.

With e-mail approved as an official form of university communication and near-universal access to the Internet around campus, the UC system has had to create a policy that views e-mail and Internet usage as an important component of daily life - just so long as users behave.