I'm going to stick my oar in. I think that people are getting confused in what privacy means in terms of who your personal information is protected from being disclosed to. (IANAL but I've studied NZ Privacy law (and a bit of US law) at University). In a time sharing system a user can have no expectation of privacy from having their data/usage patterns/whatever from being known by the *system administrators*. In NZ, when signing up to a system a user would be told this up front but it's fairly obvious. However, the user probably does have an expectation of privacy from having that data spread to anybody else (bar the system owner/law enforcement). So the fact that you (as a user) might spend a lot of time reading loganalysisat_private is known by your sysadmin but he/she should have no right to go tell anybody else about that. (In NZ, we have a number of information privacy principles enshrined in law. One of them is that an owner of data can't use that data for purposes that the provider of the data wasn't told about when the provider of the data gave that data). So you see both sides of the argument are actually right. Edward Rebecca Kastl <rkastlat_private> on 30/10/2001 09:59:46 To: Shane Kerr <shane@time-travellers.org> cc: loganalysisat_private Subject: Re: [logs] Logging standards? On Mon, 29 Oct 2001, Shane Kerr wrote: > > I think the privacy you refer to is from "other users", but honestly > > how is it possible that you and the Systems Admins and Auditors would > > or could not know each other more intimately. > > > > So - I ask again - what real expectation of privacy is there in a Time > > Sharing System, other than by potential agreement between the users? > > This isn't the same question that you asked originally. You simply said > that users should have no expectation of privacy, because the scheduler > has to track what processes are doing. > > To me, this is akin to saying you have no reason to expect > confidentiality from your physician because he has to know what ailments > you suffer from. Hogwash! How can I *prove* that my doctor isn't > sending reports of my various STD's to the press? Well, I can't. That > doesn't mean I should expect my doctor to publish my private > information. I disagree with you, and don't think you are presenting a valid argument or acccurate analogy. First off, there can be no expectation of privacy on a multi-use (time-sharing) system. In adddition to the reasons stated by Todd Glassey, the system owner is able to monitor as they wish without having to explicitly state they are doing so. If you walk into a business (your employer, for instance), whether or not you feel it is reasonable, that business has a right to conduct video surveillance on you, monitor your access to the building, and monitor your access to various building areas (e.g. use of proximity/swipe cards, security logs, etc.). In businesses where such systems are implemented, you cannot have any expectation of privacy (except in the restrooms -- maybe). The same goes for a system implemented in the course of business (or some other capacity). You are granted use with the implicit understanding that you may be monitored. Don't think so? Walk into a record store at the mall -- you're being surveilled. As Todd asked, "what real expectation of privacy is there in a Time Sharing System, other than by potential agreement between the users?" There isn't. --Rebecca Kastl --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private ---------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 15:02:50 PST