----- Original Message ----- From: <edward.j.sargissonat_private> To: <rkastlat_private> Cc: <shane@time-travellers.org>; <loganalysisat_private> Sent: Monday, October 29, 2001 2:27 PM Subject: Re: [logs] Logging standards? > > I'm going to stick my oar in. > I think that people are getting confused in what privacy means in terms of > who your personal information is protected from being disclosed to. > > (IANAL but I've studied NZ Privacy law (and a bit of US law) at > University). > > In a time sharing system a user can have no expectation of privacy from > having their data/usage patterns/whatever from being known by the *system > administrators*. > In NZ, when signing up to a system a user would be told this up front but > it's fairly obvious. > > However, the user probably does have an expectation of privacy from having > that data spread to anybody else (bar the system owner/law enforcement). I disagree - not unless the privacy provisions are spelled out in the Contract. With exception of HIPAA or GLB enforced privacy here in the States and the EU's or other country's Privacy Legislation. > > So the fact that you (as a user) might spend a lot of time reading > loganalysisat_private is known by your sysadmin but he/she should > have no right to go tell anybody else about that. > > (In NZ, we have a number of information privacy principles enshrined in > law. One of them is that an owner of data can't use that data for purposes > that the provider of the data wasn't told about when the provider of the > data gave that data). > > So you see both sides of the argument are actually right. But this does not stop people from being exposed to the data... It just says that Contracts in NZ dont need to address use-of-data provisions like one in the US would. Most all of the EU is that way. Essentially what happens in the legal strat is that there is an embedded NDA between the supplier and the user... oh, and the Government too. Did I forget to mention that its pretty common knowledge in Internet Routing Circles that everything (IP data wise) that enters or leaves that part of the world is sniffed as part of a ESHELON or its analogs. And that the Governments of the Local Countries - NZ, A, and the outlaying Islands - all participate. > > Edward > > > > > Rebecca Kastl <rkastlat_private> on 30/10/2001 09:59:46 > > To: Shane Kerr <shane@time-travellers.org> > cc: loganalysisat_private > Subject: Re: [logs] Logging standards? > > > On Mon, 29 Oct 2001, Shane Kerr wrote: > > > > I think the privacy you refer to is from "other users", but honestly > > > how is it possible that you and the Systems Admins and Auditors would > > > or could not know each other more intimately. > > > > > > So - I ask again - what real expectation of privacy is there in a Time > > > Sharing System, other than by potential agreement between the users? > > > > This isn't the same question that you asked originally. You simply said > > that users should have no expectation of privacy, because the scheduler > > has to track what processes are doing. > > > > To me, this is akin to saying you have no reason to expect > > confidentiality from your physician because he has to know what ailments > > you suffer from. Hogwash! How can I *prove* that my doctor isn't > > sending reports of my various STD's to the press? Well, I can't. That > > doesn't mean I should expect my doctor to publish my private > > information. > > I disagree with you, and don't think you are presenting a valid argument or > acccurate analogy. > > First off, there can be no expectation of privacy on a multi-use > (time-sharing) system. In adddition to the reasons stated by Todd Glassey, > the system owner is able to monitor as they wish without having to > explicitly > state they are doing so. > > If you walk into a business (your employer, for instance), whether or not > you > feel it is reasonable, that business has a right to conduct video > surveillance > on you, monitor your access to the building, and monitor your access to > various building areas (e.g. use of proximity/swipe cards, security logs, > etc.). > > In businesses where such systems are implemented, you cannot have any > expectation of privacy (except in the restrooms -- maybe). The same goes > for > a system implemented in the course of business (or some other capacity). > You > are granted use with the implicit understanding that you may be monitored. > Don't think so? Walk into a record store at the mall -- you're being > surveilled. > > > As Todd asked, "what real expectation of privacy is there in a Time Sharing > System, other than by potential agreement between the users?" There isn't. > > > --Rebecca Kastl > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: loganalysis-unsubscribeat_private > For additional commands, e-mail: loganalysis-helpat_private > > > > > ---------------------------------------------------------------- > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipient is prohibited. If you received > this in error, please contact the sender and delete the material from any > computer. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: loganalysis-unsubscribeat_private > For additional commands, e-mail: loganalysis-helpat_private > --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 15:36:50 PST