Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Privacy Your Rights Online

Internet Usage Records Accessible Under FOI Laws 171

Posted by michael from the data-shadow dept.
thehawk writes: "In what could be a landmark decision in the area of online privacy rights, a New Hampshire court granted the father of a public school student the right to obtain Internet usage records of all students who used computers and Web access supplied by the school district. The district was also ordered not to withhold records that may be requested in the future and was forced to pay plaintiff's attorney's fees...." The New York Times also has a story on this.

The records in question are log files created by the schools' proxy servers of what URLs are accessed by the student body. The school district in question isn't censoring Internet access with any sort of censorware product (they use teachers to monitor what students are accessing), and the parent would like to prove that the students are accessing porn sites. I do not believe it is an invasion of privacy to access these records; if there was an invasion of privacy, it occurred when the school district collected the records on their students, not when someone else requested to see them.

Some comments of mine that didn't make it into the Times article: I hope that this situation casts some light on Internet usage at public facilities. Many, many Internet services are set up to create detailed log files by default -- proxy servers, Web servers, various login mechanisms and authentication mechanisms, etc. These records are being collected, and they are just lying around on machines or tape backups here and there, and they are, if the entity that collected them is a public entity, public records accessible under FOI laws. If you want to prove that your local school/library shouldn't be censoring the Internet, request the records. (I'll help! E-mail me.) If you want to prove that your local school/library should be censoring the Internet, well, I won't help, but I still support your right to get access to public files.

And while this situation is about records collected by public entities, the same records are routinely collected by private entities as well. Is your Web access going through a proxy server at your ISP? (The answer is more likely to be "yes" than "no," by the way -- a proxy can be installed that is transparent to the end-user.) Then your ISP is collecting detailed records of every single URL you access through their service. How long are these records being retained? Who is the ISP selling them to? Do you know?
This discussion has been archived. No new comments can be posted.

Internet Usage Records Accessible Under FOI Laws More

Internet Usage Records Accessible Under FOI Laws

Comments Filter:

  • Go private (Score:1)

    by Anonymous Coward
    This gives a whole new meaning to the term "privat school."

  • You might want to ask about (Score:1)

    by Anonymous Coward
    what exactly happened to www.censorware.org

  • No Big Deal (Score:1)

    by Anonymous Coward
    As long as they don't give out any names, there is no invasion of privacy here. (As far as I can see, it's just a summary of internet usage for the school as a whole.) However, I don't believe that government should be involved at all here. Choice in schooling will only come from a completely privatized [lp.org] educational system.

  • although you can trace access back to a terminal, you cannot reliably trace it to a user. In other words, it can be found that someone accessed www.1337pr0n.com at such-and-such time, but it cannot find who that was.

    Depends. I'm assuming this is a Windows network - if people are logged in, the proxy server is almost certainly recording exactly who accesses www.1337pr0n.com. This is what you'd expect in a workplace where everyone has user accounts, obviously not what you'd expect in a library, where all the terminals will surely just be logged in as guest accounts. A school? Could be set up either way..

    However, if you peruse the article in question, it makes reference to "the cost of redacting the names". Which certainly implies that (a) the logs do have the names of those who were accessing http://goatse.cx and (b) those names aren't going to be revealed.

  • Well duh, you've got little x-es where there should be numbers, you dummy! :)


    Rev. Dr. Xenophon Fenderson, the Carbon(d)ated, KSC, DEATH, SubGenius, mhm21x16

  • If I read the Newsbytes article correctly, it sure sounds like the judge had a clue when it comes to technology (e.g. the bit about not having to print out 80,000 pages of logs, merely burn them to CD). Maybe all hope is not yet lost!


    Rev. Dr. Xenophon Fenderson, the Carbon(d)ated, KSC, DEATH, SubGenius, mhm21x16
  • The person asking for access doesn't have any children in public school. He was also looking for all web logs for all computers owned by the school (i.e. what all children access). There's no way, even if he had children in public school, that he could only see what his own children are doing because you don't know which machine they're on at which time.
  • ...is the continuing belief in American culture that every single individual must mold public life to his or her individual whim.

    "Knight, a master plumber [nytimes.com] whose four children had attended schools...

    OK: the guy doesn't even *have* kids in the public schools now: he's already swept them off into a safe little nook where they are controlled in every thought and act.

    And *don't* start with "...but he's paying taxes that support the public schools.." -- his share of the total school district budget is miniscule at best. His share is probably neither substantially larger nor smaller than anyone else's..

    All of us are members of the entire society we live in, and a lot of people need to grow up and accept the fact that society at large may by necessity support transactions that we personally don't think much of...

    ...in the Exeter area two years ago before transferring to private schools, has been a vocal critic of the local school boards' decision not to require filtering or blocking software on school computers. Concerned that students were visiting pornographic or other inappropriate Web sites,

    Aha! This is what this is *really* all about: the guy has his own narrow little prejudices, and he's goddamed if he's going to let anybody else look at what he doesn't like.

    What's inappropriate? Sites about meat-based diets? Sites about Amnesty International? Sites about AIDS information? Sites about anime? This is *one guy* -- he's got his kids sealed off from what *he* doesn't like, but now he's going to censor what anybody else can look at? And don't doubt for one moment that this is exactly where this is going...

    ...he sought access to Internet History log files from 1998 -- the date when a majority of local students gained online access in schools -- to the present."

    The core problem here is that far too many people have the world-view of a three year-old: "I am the center of the entire universe, and *all* shall bow before my wishes".

    The atomization of American culture by the widely-held belief that any single individual can mold collective behavior into his or her own narrow tastes is the serious threat here, not the fact that school district web logs are suddenly public information.

    t_t_b
    --
    I think not; therefore I ain't®

  • There are a few important points that need to be made here.

    The school board on the surface did the right thing by trying to prevent the disclosure of these records. They screwed up massively on two counts though. They made the logs in the first place and if they were required to log them then they should've only been logged as bulk statistics.

    The judge seems to have acted in accordance with the states right to know policy unfortunately. The failure in this case solely rests on the school board: They enabled the disclosure of data under the Right to Know Policy by taking the data.

  • ...why not just have the logs expire after seven days? If you run into problems just temporarily increase expiration?

    Vermifax
  • And if you obtain books via a public resource such as a school or public library, then you shouldn't expect much privacy, either, right?

    Then why was it that when I worked in a public library, there were signs all over the place reminding us that the privacy of circulation records was protected by law?

    If there's no way to identify the student who accesed a particular site, then I don't have much objection. But Schneier's "Secrets and Lies," for example, discusses tricks people use to extract particular data from statistical queries. Do you know that a particular student usually sits in front of a particular workstation (and hence IP address) 6th period? Should his family know that he's looking at www.am-i-gay.com or www.dad-touches-me-where-he-shouldnt.com?
  • This is complete b.s. [...]
    It's not so far fetched. I've read of some businesses that do that exact thing (post sites visited with user IDs to internally available "public" sites) in an attempt to curb non-work usage. I can assure you, I'd read a lot less /. (or at least read it a lot slower (via my dial-up link -- my reading speed, as such, wouldn't change :)) if my employer did that.

    And if they tell you they do it before hand, and you sign a paper that acknowledges that admission, who's to blame when they find you at www.a-triple-x-site.com, and discipline you for it?
  • I diddnt assume that they were running Netware, I assumed that they had some technology aroun there school for some time, and thus were proabably running Netware. And from that I gathered that if they were running a proxy server it would be bordermanager.

    But my point was that tracking traffic per user is doable, easily.

  • The article dosent mention what NOS the school is using, or what proxy server product either.

    Since its a school with not only a internet connection, but one with a proxy server (demonstrating its a large network, not just a PC with a modem), we can assume there somewhat technicaly clued. There probably running Netware >4, so they have NDS. And there probably running either BorderManager, or one of the OEM proxy apps thats based on Novels code. Which are all aware. And can all do access control based on usernames, and/or workstation.

    Since the proxy server is doing ACLs on usernames (even if its allow everyone everything) it cleary knows who its sending data too.

    Should it be logged? As a sysadmin I say: log everything.

    Should the logs be accessable to say the school administration? Should they be accessable to just anyone? Harder questions. School Admins: sometimes, probably.

  • Ok, you whine when the school watches what you do on their computers.

    You bitch when work reads your email and watches what you do on their computers.

    Solution? DONT USE THEIR EQUIPMENT/COMPUTERS!

    The laws clearly state that the owner of the equipment can monitor it's use, until that law is changed (really fat chance on that happening!) noone should be suprised, or expect any less.

    Hell, most companies have phone monitors cacheing incoming and outgoing phone numbers dialed, and from what extension! We caught a moron making 1-900 calls from his cube, and fired his butt with it!. (Ohhh I violated his privacy!!! boo-hoo. Kisss my white american butt.) If they watch you at home, then that's wrong. But anyone can watch you in public.... that's an american right!

    The school did things right, and the parent is right in saying he/she has the right to look at it. NOW: if anything comes of it, "I.E. Look a porn site URL!!!!" it had better come from a IS professional's mouth. Most parents havent a clue on how cacheing logs work, or how the internet works... www.goatse.cx might be serving banner ads along with the sicko crap that is there... (I assume... from reading what others write about it.)

    Moral of the story? If you dont want to be watched, dont go outside. If you cant handle that, seek therapy.
  • Nice ideal to hide under... too bad it is just smoke and mirrors.

    I dont care what country you live in, the GOVT will monitor you if they desire, and they will do it without warning... ("knock,knock... Hello? Yes, sir, I'm from the government and I'll be monitoring you this evening... is there any times you wish that I not be peeking in your windows?")

    Given Germany's history, and the close ties to the US govt... they probably have a really nice profile on every citizen that is living there.

    Dig for the truth, dont accept what they tell you.
  • This differs from a child's school records in two ways:
    1. The judge that presided on this case said that all information identifying specific students had to be removed from the logs. So no personal privacy is being invaded in that way.
    2. The school's internet usage policy, which the kids should have known, stated that everything was being logged. There was never any privacy implied in their use of the Internet (just the opposite)...unlike the school records which are protected.
  • Anyone working for a federal institution should know better than to save their logs for more than a month. A better question is why was the school logging anything int he first place? They are not required to.
  • So it is monitored but does the policy say who may read the logs? The police? Teachers? Other students? School Board?

    This ruling says the general public may view those logs. While there is the freedom of information, there is the right to privacy.

    Just like many things we use are monitored, there are laws to protect us from an invasion of privacy.

  • This is interesting because of the analogies one may use.

    Are Internet transactions the equivalent of a telephone call? Therefor, the same rules of privacy apply as a telephone call and conversation?

    Or is an Internet transaction like a borrowing a book from the library? Even though, the borrowing and returning is instant. So the record of transactions follow the same provacy rules as to what you checked out at your school library.

    What if it wasn't a member of the public asking for the information, but a teacher. Teachers have some special privacy privledges equivalent of a parent of students.

    Does this ruling apply to any publicly funded entity: Library or even better the Internet transactions logs of our "friends" in Congress or State/Local Government. (I think there was a ruling already on the gov't one)

  • Try looking up a bit more often. You're going to be shocked at how often you are on camera these days.

    Amen. I'm on camera upwards of 30 times a day...

    You want cameras? I got your freakin' cameras. [georgia-navigator.com]

    --Xantho

  • None of which (except maybe C) is really anyone's fault but the students. Don't agree to something without knowing what you're agreeing to, it's a very basic rule.
  • It's not that hard to log IDs with ident, available on most platforms. You can log and trace anything if you feel the need.
  • Well of course it's a basic rule...I know that, you know that, but how many average high school students are going to care?

  • Sneaky git (Score:2)

    by Anonymous Coward
    The father wanted to see if the kids were looking at porn did he? Why, did he want some good links for himself then? ;)

    He could have just asked!
  • If that's the case, why this recent story [yahoo.com] about a man suing an impotence clinic when they used his image without his consent?

    Wasn't Fatboy Slim's album artwork "You've Come A Long Way Baby" changed in the US because they couldn't locate the person used in the original album artwork?

    ...j
  • I see a certain necessary level of control, but I don't see the necessity (or even benefit) of total control. The goal of a parent should not be brainwashing. If your child disagrees with you politically, does not want to join your religion, or has a different taste in music, that's perfectly fine - it's not your place as a parent to force them into certain viewpoints.
  • His house, his rules. When she attains the
    age of majority, and is capable of supporting
    herself, then and only then can she expect that
    level or privacy. At that point, it will become
    her house, her rules.
    To put it another way: them's that pays the piper
    calls the tune. When you can pay your own way
    in the world, that's when you start realizing
    freedom.

    I'd disagree. The daughter is not capable of supporting herself simply because she is a child. It is not her fault that her father must support her - it is entirely her father's responsibility for having a child, and he must accept that responsibility. Since, supporting the child is a responsibility that comes with having that child, it does not entail any additional rights for the parents - they are not justified in violating their daughter's privacy simply because she does not pay for her own house.
  • I'm sorry, but when did acccessing the Internet become a 'basic right'?

    It did not specifically become a basic right. But since I started this by reporting on the German view on things, I may continue to quote German law. The basic rights of German citizens are written down in the Grundgesetz [bundestag.de]. The first section of that law is about basic rights, and is specifically protected against alteration - yes, we actually did learn something from the past. Freedom of expression in Germany also includes unhindered access to public information sources [bundestag.de]:

    Jeder hat das Recht, seine Meinung in Wort, Schrift und Bild frei zu äußern und zu verbreiten und sich aus allgemein zugänglichen Quellen ungehindert zu unterrichten.

    translated: Everybody has the right to express his or her opinion freely in word, text or images and to inform himself or herself from publicly available sources.

    Given the fact that the internet has become a major information source in Germany, publicly accessible information terminals are being installed in public libraries specifically for the purpose of serving article 5, section 1 of the Grundgesetz. They provide the Grundversorgung (basic service). Basic service is seen as necessary in order to make information available to all citizens so that they can exercise his or her citizens rights and make informed choices in elections and participiate in political life.

    German Grundgesetz also defines the legal framework from which the derived basic right of Informationelle Selbstbestimmung (informational self-determination? Someone help me translate that) emerged during the 1974 (I believe) great census. The census rule said that citizen rights include the right to be left alone, and defined how intrusive the state can get and what can or can't be done with the data collected by the state. The census rule ultimately forced German legislature to create a privacy protection act and later led to the creation of a common European privacy framework.

    This is very different from the US approach, where there is no such general privicacy protection act and framework, but only a collection of case law, some specific laws and a general reliance on self-regulation within the industry.

    © Copyright 2000 Kristian Köhntopp [slashdot.org]
  • The court order specifically refered to protecting the identity of the students, something that the articles suggest the school board in question was fighting for. Given that, there will probably have to be concessions in the identity filtered list that are reasonable under this order, such as removing anything after a ? in the URLs (that is, arguements for a GET method).

    As for maintaining logs, it's become quite evident that having old logs can both harm you as well as help you in court cases. It's probably in the school's best interest to hold on to these logs, especially since the school is accountable to the public in that system.

  • Normaly the FOI act is a good thing to protect the public. However in this case someone used that act or the NH state version thereof to do something troubling. I would like to know exactly what information they are going to filter out of these logs.

    I think it may be time to write a few letters, any other NH residents here to join me in that?

    The Cure of the ills of Democracy is more Democracy.

  • Go to your library ask them, you will probably find that Library records are much harder to get at due to first ammendment protections. And a lot of libraries don't keep records after you return the book anyway. Just for such reasons. You may be able to find out how many people took out Harry Potter books, but not who.

    The Cure of the ills of Democracy is more Democracy.

  • You can trace back to an account, yes. But you can't trace directly to the user. After all, there's always the stolen password defense (for example). On a publicly-used terminal, there's no way to prove or disprove that conclusively, unless you were to install security cameras and monitor the tapes.

    And also, don't forget that logs can be tampered with, if someone has the know-how. Chances are there's at least one person like that in every school, and there's no way to tell who that is short of catching them in the act.
    ----------
  • Do I need to worry about somebody filing a FOI reqest for library records and finding that I only ever borrow Harry Potter books?

    Are all public institution records fair game? (except ones relating to national security)

    -ec
  • But contrary to the current fashion proclaiming that paying taxes entitles you to any and all instantaneous and unlimited access to any information, you are in fact, wrong. For if you were correct then you would also be entitled to, nay, guaranteed access to any and all school employees' or any governmental employees' HR records, the detailed accounting of any and all governmental agency or facility, the detailed logs, diaries notes or any other record on anything compiled by any government employee on any subject or matter whatsoever. Unlike some countries, like say Iran or the PRC there actually is an expectation of at least some privacy and the argument that because you personally pay taxes entitles you to having the final say in any and all details about running a government facility is specious. If that were true then you personally should be able to regulate dams, power plants, aircraft carriers and the like. The agument that you personally pay taxes so you personally have to gain a direct benefit is equally specious. Why you ask? Well there are many many things your taxes support that do not and would not expect to personally use. Take prisons for example - you pay for them but you do not expect to have to be incarcerated in one.

    You see this is great myth of the Right. That you personally need to give your detailed and instant approval to anything no matter how small the detail in order for the government to be legitimate. The fact is, you're a citizen a part of community and there are going to be things that you personally don't agree with. For anything else to be the case is an excuse for tyranny. I mean logically your taxes dollars went in part to subsidize the last election campaign of someone you probably loathe, fear & detest. Do you want to use the excuse that your tax dollar logically entitles you to ensconce one political party over all others? You have to know that that is not what the Founding Fathers had in mind when they designed the Democratic process. Specifically the intent was not to use the majority to supress all other beliefs. You may argue with that and carp about majority this majority that, to the victor go the spoils and so on but that would be a misreading of the Constitution.

    Now to go back to the original question. Yes, you are right when you were going to say that privacy is not guaranteed by the Constitution. Fair enough. I'll give you that when you open your life to any inquiry if you have ever received money that is not a refund of your own payment from any government agency, ever. After all my tax dollars went in part to that benefit you received. I want a complete accounting of what you did with it. That includes any good or service which in any way had any government subsidy or tax credit applied to it at any stage of the process. So for example if you receive a child care tax credit that should entitle me to examine exactly and in excruciating detail what you did with and how you rear your children.
  • One needs to establish legal standing. If one cannot establish direct legal standing then one is free to file an amicus, a 'friend of the court' as it were'. There is no doubt that one could sue for some remedy retroactively because that is why we have affirmative statutes of limitation. OTOH if one can no longer be helped or harmed by either outcome and there is no direct legal remedy to be obtained either way then one would or should have a very hard time proving legal standing. One could sue as a test case but its clear that the motivation for that is political or social, not legal. That is specificallt the point. An interest can derive from a benefit or it can be independent of any benefit or remedy. Either way you still have to establish standing. For example I don't have children in that school district either and don't even live in that state. I would have to establish some standing before being allowed to sue. I may claim that I have standing based on the fact that in some tiny way I helped pay for it but that is a vague and slippery path that no court would willingly pursue.
  • I am a college student that looks at porn, so I am not biased towards what I am about to say..

    If you are in a school setting, using school computers, under no circumstances should you have any privacy. You are in school to get an education not to stare at porn. Yes, all kids in schools are curious, wonderful, do it at home. Porn has no place in schools especially when you should be doing something constructive.

    As far as watching what someone is doing while they are on the Internet (snooping telnet sessions, etc) I used SSH, so it didn't much bother me but I feel that if you want to protect your privacy do it at home. School is for learning, not for porn.
  • We had a case like this a while back.

    The person had to have a subpenae to requests records on a specific individual. You can't just request data like that and use coercive force to obtain it.

    Tell the guy to do his own marketing research.
  • The FOIA [dol.gov] is a federal law, applicable to federal agencies. State and local governments are not subject to the law.

  • That is a brilliant idea.

    This means that actually you can make money off your kidz going to college instead of them eating all your money. Good point, wouldn't have thought of this one myself.

  • You apparently didn't read your own post. According to you, the only time monitoring is equivalent to denying the right is when the only options are monitored. Public terminals are not the only option for web browsing.
  • Disclaimer: IANAL, this is all IMHO.

    Keeping logs of what's happening isn't by itself an invasion of privacy. Also, it might be requested at a later time that logs be turned in by law enforcement agencies with a court order. The invasion of privacy is in using those logs for whatever reason, and acting because of discoveries from the logs even moreso.

  • Did anybody read the article? The internet policy at the school already says that all communication will be monitored at all times.
  • Where a friend of mine goes to school they use a proxy server (which happens to rought through the ISP that I work for) heheh... anyway.. he goes to a public high school. As far as I know though, the proxy server at the ISp doesn't log the URLs anyone goes to. It's basically a Family Friendly type of service, which anyone who subscribes to the ISp for internet access can use. They just put in the proxy settings and then the systme goes through something known as "Bess Proxy" which is a service that available to ISPs from another outside source. I've never used the service, but I've heard it works fairly well. Of course, there is a password to override it, so I assume the students could get around it.
    I've heard stories from the person that I know who says that he knows someone who went into the Library at the school, turned off Fortress (the software used to lock down the computer systems)_ and that turned of bess-proxy so he was able to get around to other sites that the school woudl have liked him to not get around to.
    Something like, the password for the Library computres was library. If the school really doesn't want kids getting into stuff, then why not make the passwords harder? I know where I went to college a while ago, and had access to some system administration things, the passwords were very eays. Why do school's not choose harder passwords? Do they not care about security?

  • The phone company is a company, as in a business. This story is about a school. A public school. The rules are completely different. Right or wrong, that's the way it is.

  • It would seem that the same law would apply to the logs at the Whitehouse and other major organizations.

    If the time spent at such sites is logged as well, then a significant case for wasted tax money can be made.

    There will likely be some interesting fall out from this...

    LetterRip
    Tom M.
    TomM@pentstar.com
  • The agument that you personally pay taxes so you personally have to gain a direct benefit is equally specious.
    Please re-read. What I said was that a tax-payer has direct interest. I am not saying that this interest automatically translates into a right to access all of that information.

    The original post implied that since his kids did not attend public school, that there was no legitimate reason for him to be interested in this information.

    Wow, I can't believe that entire novella you wrote was due entirely to this simple misunderstanding!

  • The plaintiff has no direct interest other than a vague legal interest public policy, because, and this is important to understand, his own children are not in the public schools...
    First of all, you are wrong. The very first sentence of the article says:
    In what could be a landmark decision in the area of online privacy rights, a New Hampshire court granted the father of a
    public school student the right to obtain Internet usage records of all students who used computers...

    Secondly, even if you were correct, I would say that the fact that he is required to pay property taxes to support that school (which he must do even if his own children don't attend that school!) gives him all the direct interest he needs.

  • I Hit Laughing Fnords
  • If I read the article right this guys main claim to the history files is that the school is publicly funded and as a taxpaying citizen he has a right to know, under FOI laws, what exactly the state is doing with his money. So he'll get acess to the browsing history of all the students in the school district. What about other public institutions though? Couldn't some one under the same FOI laws request the broswer histories/proxy logs of every state employee surfing at work? Provided of course any personally identifiable information is removed this also seems like a reasonable request. I'd personally like to know (and publish) the browsing record of say the governors office.
  • >You do not have a right to privacy, or even an expectation to a right to privacy, in a public place.

    yes, you do have a right to privacy, even in public. If I go to a public toilet, I do not expect to be monitored, let alone photographed.
    I am not required to identify myself, no matter who asks. And I can do just about anything in public space, as long as I dont violate any other laws (groupsex in yankee stadium would probably be public obscenity..)
    And if you take a picture of me reading some mag on a streetcorner (which is not news) I can forbid you from publishing the photo.

    Granted, the rights to privacy in full public view are less.. but you still have privacy.

    //rdj
  • I work at a large state university. A few years ago, as part of a lawsuit against the university, the plaintiff requested and received old email backup tapes through an FOI request.

    In response to this threat against the privacy of members of the university community, the university no longer keeps backups of email for more than a couple of weeks.

    So, one approach to the possibility of such a request is simply to systematically delete possible offending information as a matter of policy.

    At the end of (G. H. W.) Bush's presidency many of the whitehouse hard drives were erased, presumably to prevent information from getting into the wrong hands (arguably for good or bad reasons). The shame is that it is conceivable that such information could be useful to future scholars, and won't be available.
  • It seems very different to say to the library "What books have been checked out in the last year and how often?" and "What books did J. Random Patron check out in the last year?". Just like it seems okay for a site to say "information you give us will be sold or given away in aggregate form" but not without that aggregate bit.

    If these had any sort of log of who went where, then yes I would agree that this MIGHT be a privacy issue, but I doubt that they even have a good way of getting that information if they wanted.
  • > Why do school's not choose harder passwords? Do they not care about security?

    Why do the U.S. houses have no high fences with electrified barbed wire ? Why doesn't everybody wears a bullet proof vest and a gun ? It's called trust. And U.S. ppl just have too much of this stuff :)

    --
  • Aren't there laws, similar to child stalking laws, that prevent any institution from targeting children in a certain type of way including polling them? Meaning that, short of publishing these logs on the web, a commercial institution would not be given access (much like a child's school records are not publicly accessible).

    It would be trivial to circumvent this of course.. If anyone parent worked for such an organization, they could easily demand the records.

    -Michael
  • So the next step is that I should be able to sue the public libraries to see who has been reading which books.

    No, this is a completely different issue. Since people keep insisting on using library records as an example, I'll at least give a correct example. This ruling is equivalent to requiring a library to make public a list of how many times each book has been checked out. It does NOT require, or even permit telling who checked out what books.

    As a matter of course libraries do maintain and use a list of which books have and have not been checked out. This is part of the information they use when deciding what new books to buy ("Oh, I see that the books in our computer programming get checked out frequently. We should buy more of those.") and which books to sell at their used book sales ("Hrm. The 1984 edition of the Kelly Blue Book hasn't been checked out for 15 years. We should sell it.").

    It is not only the right but also the responsibility of the citizens to ensure that they have proper access to public records. The citizens also have the right and responsibility to ensure that equipment purchased with public funds is being used for its proper purpose. One way of doing this is to enumerate the webpages that are accessed by computers/internet connections purchased at considerable expense with public funds.
    _____________

  • Why would anyone get upset at something like this "invasion of privacy" by a taxpaying citizen is beyond me. Many parents who send their children to public schools are, in so doing, engaging in a form of child abuse well beyond mere "invasion of privacy". Of course, the same can be said for the use of television as a childcare tool.

    " in loco parentis" [columbia.edu] is the legal doctrine that the school has the responsibilities and privileges of a parent while the student is located in their educational facility. Since the tradition of corporeal discipline is more severe than merely inhibiting a child's supposed "right to privacy" it seems any taxpayer who is concerned about how his money is being spent is compelled to investigate how the public school system is running things.

    The real problem is the misguided notion that there are universal standards of childrearing that can be applied across all children without damaging significant minorities of the children. For example, the fact that "spare the rod and spoil the child" is unnecessary for some parents is insufficient to support the presumption of government officials that it is unnecessary for all parents, and that therefore application of state force should remove it not only from the public schools but from the private relationships between parents and their children. Interesting that these same governments can later subject a young man, who has grown up without a strong guiding hand, to a prison system where he is likely to be subjected to all manner of physical abuse, including routine sexual sadism and lethal infections which government officials absolve themselves of responsibility for by blaming it on the behavior of prisoners themselves. 1% of the US population is now in such prisons -- more than any other Western country. How can a government with such a record of abuse of those under its authority dare to interfere in the parenting practices of its citizens?

    Application of force to protect children from this fate is more justifiable than is the application of state force to impose univeral rules of child-rearing.

  • Good news:
    This places a huge administrative burden on public institutions, in NH at least, that monitor individuals' online activities. If they have any sense they'll stop snooping. This is much better than the records being available to the bureaucrats but not to anyone else.

    Bad news:
    It also places a huge administrative burden on any public institution keeping non-personal logs to manage and secure its network. Libraries etc. may be forced to hire private contractors (who presumably are not affected by this ruling) to run their networks.

    Ugly news:
    To redact names and other personal information submitted over the web, the staff will have to pore over records which would normally be private. And it's hard to decide whether a piece of information is personal or not: for example, the nickname someone uses on Slashdot may or may not also be their nickname at school. On the other hand, the article suggests that the district will be forced to hand over the entire logs, redacting only the internal usernames and passwords.

    I suggest the solution is to rewrite the usage policy to say that communication may be monitored, but only to collect statistical information and to investigate known problems and abuse. That ought to give students the privacy they deserve, and free the district from its onerous obligations.
  • This is a letter I wrote today to my local school district regarding their use of the Bess Internet filter (mentioned on other /. stories).

    ---

    Freedom of Information Officer
    Network Services
    Clark County School District
    2832 E Flamingo Rd.
    Las Vegas, NV 89121

    Re: Freedom of Information Act Request

    Dear officer:

    Under the Freedom of Information Act (5 U.S.C. 552) I would like to request the following materials from the Clark County School District (CCSD):
    1) All documentation regarding the implementation of the Bess web proxy system provided to CCSD by N2H2. Including proxy configuration, network topology after installation, and the reasons for the Bess installation.
    2) All access logs that are recorded by the Bess proxy filter. These logs should be provided in digital form, compressed using either ZIP or gzip compression algorithms.
    3) Documentation regarding the effectiveness of Bess at blocking Internet sites deemed inappropriate for minors and sites that have been mis-categorized by Bess.

    I am aware that I am entitled to make this request under the Freedom of Information Act, and if your agency response is not satisfactory, I am prepared to make an administrative appeal. Please indicate to me the name of the official to whom such an appeal should be addressed.

    If my request is denied, I am entitled to know the reasons for denial.

    I am aware that while the law allows your agency to withhold specified categories of exempted information, you are required by law to release any segregable portions that are left after the exempted material has been deleted from the data I am seeking.

    I also request a waiver of all fees for this request. Disclosure of the requested information to me is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government, and is not in my commercial interest. I am classified as noncommercial news media under the Freedom of Information Act.

    Sincerely,

    [my name / contact information]
  • Keeping logs in and of itself is not an invasion of privacy. BUT if you are a public institution, and you know that any John Doe can pop up and demand those logs, what you're doing is enabling massive infringement of user privacy, depending on how specific the logs are (if the logs give which computer accessed what at what time, it only takes some snooping to figure it out -- people fall into regular use patterns).

    So to prevent yourself from enabling an invasion of privacy, the best solution would be to keep barebones, informational logs (such as network use statistics).
  • > Hello? If you access the internet via a public resource such as a school or publid library, then you shouldn't expect much privacy. As stated, these are logged and as such, are public property subject to the FOI act. Seems like a no-brainer.

    Uh ? TYhe question is why is the library keeping the logs ? If I walk on the street, for instance, I don't expect a camera somewhere spying everything I do, and then giving that information to anyone. So, yes, this is, IMHO, a privacy issue.

    Cheers,

    --fred
  • > While you may not expect this, the law stated explicitly that in this case you have no legal expectation of privacy on a public street.

    This is because we don't live in the same country. In france, AFAIK, this won't be admissible by a court (which is, I beleive, a good thing).

    Btw, by saying "I don't expect", I wanted to imply that, while I know there are a lot of camera out there, the chances that I am recorded, that the videtapes are released, and that the information is used is rather slim.

    More precisely, I don't fear the public camera because there are not much of them (relatively. I mean that I can resonably expect not beeing tracked every second), because the information is hard to extract, and because the information is hardly avalaible.

    My english is f*cked, the keyword in the original sentence was 'a camera somewhere spying *everything* I do'. When surfing on the web, the logs contains *everything*. This is scary. If the real-world cameras were spying *everything* I do, then it would be a huge privacy issue...

    Cheers,

    --fred
  • If they are going to release the students logs, then I'd also like to see the administrations logs, the school boards logs, and hmmmm the goverment's logs also. I have a feeling that adults in position of authority are going to be more likely to abuse they're internet access than students... of course this is completely a guess so it would be cool if any one has any figures.
  • I totally agree that parents should have access to school records of their children, however I don't think you should have access to records of my children, my neighbor's children, your friend's children etc. If internet records are requested, then I think you should only get your children's access and no one elses. You certainly wouldn't want the whole world accessing you child's cumlative record without consent, I would consider internet logs the same.
  • I used to work for a major "dotcom" (remember those?).

    We were advised by our attorney not to save anything, and that policy worked. After 48 hours, logs were purged, after summary information was collected.

    We'd occasionaly get inquiries from the FBI tracking down a case of Internet stalking or child pornography, etc, and we'd just tell them that our our logs get deleted after 48 hours. We'd follow this up with the page copied from our procedure manual.

    This satisfied them, and they didn't ask us to change this policy.

    There's no good reason to save internet logs for years. It can only hurt you, and never help you. THROW THEM AWAY, folks!

  • If records are being kept with regard to overall usage, then there should not be a problem. Ascertaining profiles of overall usage is something which should be done to determine proper resource allocation.

    I think it's similar to some ISPs' policy of not carrying alt.binaries.* on their news servers. If students are killing the lines downloading MP3s, and others are not able to use thomas.loc.gov or the like, then fine. It's not the collection or analysis of data which is a problem, it's how it's acted upon.

    -Nev
  • Something like, the password for the Library computres was library. If the school really doesn't want kids getting into stuff, then why not make the passwords harder? I know where I went to college a while ago, and had access to some system administration things, the passwords were very eays. Why do school's not choose harder passwords? Do they not care about security?

    You've stumbled upon the weakest link in the security chain. Doesn't matter how clever the algorithm is, the basic problem is that people are stupid. They simply do not want to memorize passwords, nor invest any effort in creating good ones. Passwords are often one or more of:
    • ridiculously obvious
    • used extensively (so if you know one, you know them all)
    • reused forever
    • written down
    • based on an obvious algorithm
    Of course part of the problem is the solution: cryptic passwords or requiring frequent changes tends to cause people to write them down or use an obvious algorithm since they then have trouble remembering them. Shared passwords have the added problem of having to re-share each time it changes, and the difficulty in trying to communicate uncommon strings (which tends to result in them being written down).
    And no, this is not a "trust" issue. People have a similar lackluster security attitude with respect to their bank/credit card PIN numbers, their housekeys, etc.
  • of a teenager, I have a responsibility and a right to know what my daughter is doing at school. If she is ditching school, I want to know. If she is using the public computers to access porn sites, I want to know. You all can cry all you want about 'invasion of privacy', but when it comes down to it, the parent IS responsible for the actions of their kids. If I suspect she is doing drugs in my house, you bet I am going to 'invade her privacy' and go through her drawers.

  • That's fine, but you don't have a right to know what my kid is doing on a public computer. Just like if you suspect my kid is doing drugs, I'd better not catch you in my house going through their drawers.

  • Judge Abramson found that the district could use an inexpensive "write script" to produce a record without revealing confidential information, such as an individual student's name, user name or password, therefore the documents were not exempt.

    While I don't agree with releasing this type of information individually or collated, this quote from the article at least goes part of the way. It implies that the court believes individual privacy (such as asking for someone's specific records) is a separate matter.

    In short, the father wasn't asking to see anyone's specific access records and he didn't need to. Going by the documented judge's finding, this probably worked in his favour.


    ===
  • "Comments are owned by the Poster." He can do whatever the fsck he wants.
  • You.....are not smart. Think before you make a post. Telephone = private business. Publice School = Public entity. The telephone company could not give out your information to just anyone. They would have to be legally compelled to do so via warrant or writ.
  • Ok. So maybe _now_ they will care. Live and learn.
  • It's encouraging to see that the school & district took a stand on this one, even if they lost.

    --

  • Several issues here, but ruling is IMO right (Score:3)

    by Masem ( 1171 ) on Friday November 10, 2000 @05:59AM (#632880)
    First, some say the guy has no right to be asking for this information as his children now attend private school. Realize, however that this case started two years ago, appearently near the time when the guy transferred his children from the public school system in question to the private schools.

    Also note that the judge specifically balanced the privacy of the students *AND* faculty vs the state's right to know law, and said that a program can be used to strip out all identifible information: the guy is only going to get a list of sites that were visited by the school system, so privacy *is* protected. If he wanted to go one step farther and find out who visited whitehouse.com, for example, he would then probably have another court battle to face, and given the expressed interest of the privacy of the students *AND* faculty, he probably wouldn't get it. In any case, all this guy wants is evidence that children visited explicit sites such that he can fight for mandatory filtering.

    This is a PUBLIC institution, and therefore was not exempt from the public right-to-know law. Some here appear to be worried that it will extend to ISPs and whatnot. But those are for the most part private institutions, and therefore do not have to respond to public requests like this. The only way such log files will be revealed to third parties is if they are subpena'd.

    Some are trying to compare a real world example, and the best way to think of this result is that if I wanted information from a public library on it's lending records, all I can expect as a public citizen is a list of books and how many times they were checked out. I would not expect to be able to trace back who borrowed a specific book without further legal action.

    This does create an instresting situation for those in public colleges however. Yes, I would expect that a similar challenge on log files will give a similar result (only getting the list of sites, not names and such), but this is college, and I would expect to see a more diverse list. May be something to watch for.

    And there is a good point on pg 2 of the Times version: if this decision is held throughout it challenge, then groups like Peacefire can easily get infomation on real-world lists of sites that were blocked if filters become mandated, and thus fight for removing such filters or emphasizing more public input into better filters.

  • Re:That's where it starts... (Score:3)

    by Masem ( 1171 ) on Friday November 10, 2000 @06:01AM (#632881)
    The lists that the guy will be given will be stripped of any identity or specific machine. Remember, the computer network was also used by staff and faculty, so the rights of adults are at stake here as well. The judge specifically mentioned the balance between privacy and right-to-know laws.

  • Re:But where is the legal interest (Score:3)

    by Masem ( 1171 ) on Friday November 10, 2000 @06:06AM (#632882)
    The challenge for the records started in 1998, while his kids were still at the public school system. He withdraw his children and moved them to the public school system apparently when he couldn't get the records and started the legal battle. I believe that he does have sufficent interest in the matter (if he had those logs from day 1, would he have withdrawn the children and spent the money on private school?)

  • Is this really an invasion... (Score:3)

    by Millennium ( 2451 ) on Friday November 10, 2000 @04:49AM (#632883)
    I'm not so sure this is an invasion of privacy. The reason: although you can trace access back to a terminal, you cannot reliably trace it to a user. In other words, it can be found that someone accessed www.1337pr0n.com at such-and-such time, but it cannot find who that was.

    Mind you, I don't want this kind of thing getting into the hands of bookburners, as would be the case here. But I'm not sure there's anything illegal about his request.
    ----------

  • Re:IHLF (Score:3)

    by tiny69 ( 34486 ) on Friday November 10, 2000 @06:59AM (#632884) Homepage Journal
    If this information can be used obtained through FOI, then I expect lawyers will start requesting this information more often. I fear this information will be used in smear campaigns for no other reason than to dicredit the individual.

    Lawyer in court: On this day, [insert date], you downloaded 150 pictures from www.kinkysex.com ...

  • A related story: Traffic cameras (Score:3)

    by weave ( 48069 ) on Friday November 10, 2000 @05:56AM (#632885) Journal

    DelDOT has traffic cameras [deldot.net] all over the state of Delaware. Once while checking out the traffic on I-95 I saw the camera zoomed in on an accident scene. I asked a friend in DelDOT if they recorded the video camera images. He said the absolutely DO NOT do this. One can't subpoena something that doesn't exist nor ever existed.

    There's a lesson I learned from that.

    What are your current backup tape retention policies? Do you just keep a few generations or do you stash long-term archival copies somewhere? If so, for what purpose? Will they come back to haunt you, your users, YOUR COMPANY, later?

    The problem here is that seldom are there laws or regs saying stuff must be recorded, backed up, etc. But if they happen to have been, then they are open game for subpoenas and if applicable FOI requests.

  • Uhh, one other point! (Score:3)

    by Jason W ( 65940 ) on Friday November 10, 2000 @01:57PM (#632886)
    I can't believe no-one has mentioned this yet. The school is required to remove the username/passwords from the logs files, right? This usually means writting a quick regex based script to filter out the first two columns or something similar. But what about logins/passwords for other sites? Or just explitive URLs? Here are some examples:

    • http://slashdot.org/users.pl?op=userinfo&nick=Ja son+W - Shows that I probably use the nick Jason+W on Slashdot
    • http://slashdot.org/comments.pl?sid=00%2F11%2F10 %2F1311205&cid=&pid=0&am p;am p;startat=&thresho ld=2&mode=nested&commentsort=3&op=Reply - Shows that I posted this comment, with 100% accuracy using time stamps
    • http://slashdot.org/index.pl?op=userlogin&upassw d=somepassword&unickname =Jason%20W - Shows both my username and password

    These are just a few of the possible URLs. Also remember that POST and GET requests are logged too, so even if it doesn't show up in the URL, its still logged. It would not be hard at all to imagine someone collecting all of the records from around the country and doing a quick search to find where a particular "username" lives. Sure, not everyone is a student, but the internet is ATM mostly kids.

    Me? I use an HTTPS proxy to encrypt everything I send, so I'm ok. But most students have no way of knowing such a thing exists, and recreational browsing at schools is a must in today's society.

  • Not only that but from reading the article:

    "a record without revealing confidential information, such as an individual student's name, user name or password"

    So, only the internet addresses (whether they be DNS or IP addresses) were given, not userids, passwords, or, most importantly, real names.

    Unless, of course, the script produces also the client IP of each computer and the time of request, and the parent has some way/document of matching J. Random Student to J. Random Computer at a given time. Unless he has these three pieces of information, that information he received is not very useful in regards to tracking students.

    If I were that school, this is how I would give him the data: I would give him a list of only each place the student, by IP address only. Thus, he would have a huge listing of:

    143.23.145.165
    135.204.65.1
    208.123.5.143

    etc, etc. It's that the bare minimum they have to comply? Or, even better, hex encode it, and give it to him as:

    1A.0B.AA.F8
    5B.CA.64.03

    etc, etc. I mean, that is a completely valid method of writing IP addresses down.

    I mean, true, now the school *has* to comply. Doesn't mean that they have to make it easy.

  • Cool! (Score:3)

    by Greyfox ( 87712 ) on Friday November 10, 2000 @05:55AM (#632888) Homepage Journal
    Maybe I could obtain the White House browsing records using the same strategy. I could use some new porn sites...

    I wonder... if it's mandated that schools and libraries use a censorware product, could you demand the list of sites the product bans under the same act?

  • Re:Why is this under 'privacy'? (Score:3)

    by Fjord ( 99230 ) on Friday November 10, 2000 @06:45AM (#632889) Homepage Journal

    If I walk on the street, for instance, I don't expect a camera somewhere spying everything I do, and then giving that information to anyone. So, yes, this is, IMHO, a privacy issue.

    While you may not expect this, the law stated explicitly that in this case you have no legal expectation of privacy on a public street. Thus, if you are videotaped or audio recorded by police doing an illegal activity, it is admissable as evidence in court. This even extends to private property for public use (like a mall, or a restaurant). However, in your home, police must have a judge sign off on the taping for it to be admissable evidence.

    IANAL

  • Intelligent decision making? (Score:3)

    by marshall11 ( 115730 ) <mw6g@nOSPam.yahoo.com> on Friday November 10, 2000 @05:48AM (#632890)
    I hope posters are using the free link [nytimes.com] to actually read the article before firing off their posts.

    Call me foolish, but I am not as upset after reading about the ruling of the judge. By ruling that identifying information about users be removed from the logs before they are turned over, he's protecting personal privacy and obeying the FOI Act.

    When this father's crusade is said and done, I belive he's going to find nothing that justifies his censorware. In fact, he's probably going to create another problem. He's going to find some consistant evening or early morning "dirty" surfing going on - there's going to be a scandal over which faculty member or administrator (or stupid sysadmin who forgot to remove that from the logs) visits the sites and the censorware will be forgotten or the shouts of "family values!"

    Someone else will step forward with information about how screwed up filtering software is (not only ethically, but even under it's own standards, by blocking political or inocuous info). And maybe, just maybe, enough people will admit that they too, have surfed for porn, and that maybe this is all ridiculous.

    I'm not pushing a transparency critique here, I'm just acknowledging that once some info escapes through a crack in the dam, it's only a matter of time before it breaks and intelligent and relevant decisions can be made.

    Besides this is Vermont. We get this guy some Ben and Jerry's and we'll have no problem!



  • IHLF (Score:3)

    by joto ( 134244 ) on Friday November 10, 2000 @04:26AM (#632891)
    Internet History Log Files. Is this a common abbreviation, or is it just that lawyers speak that way.

  • Re:Internet Proxy (Score:3)

    by Suidae ( 162977 ) on Friday November 10, 2000 @06:09AM (#632892)
    Because if someone tries to climb over such a fence to rob your house and they hurt themselves, they can sue you and are likely to win.

  • I think we are forgetting something (Score:3)

    by Lostman ( 172654 ) on Friday November 10, 2000 @07:31AM (#632893)
    I am wondering if the logs in question include the "webpage" they loaded. What I mean is www.somepage.com/index.html instead of www.somepage.com. If it does include the page, then this could be a much greater invasion of privacy than many believe.

    You could be able to find what students are searching for (because it is included in the URL of search engines), possible find out who the kids are (username for sites that send with URL), and intercept "private" messages that COULD be sent over the URL.

    Has anyone heard whether or not the logs include the page they viewed?

  • Re:Why is this under 'privacy'? (Score:3)

    by ScuzzMonkey ( 208981 ) on Friday November 10, 2000 @07:51AM (#632894) Homepage
    Obviously not a sysadmin... I log everything I can get my hands on and it's priceless for troubleshooting. I don't expect that whoever is running the school's network is any different, public entity or not.

    I think that we're fighting the wrong fight here. If the technology exists to collect such information, it will be used, and it will be susceptible to abuse. That's pretty clear from the history of technology. The only question will be, who gets to abuse it? By fighting for less disclosure, we are essentially tying our own hands when we have need to root out abuses by those in power.

    David Brin makes this issue his central argument in "The Transparent Society" which was published a couple of years ago. It's a must read for anyone interested in privacy issues, IMHO, just to get an out-of-the-box take on the problems. What he says, essentially, is that the more you attempt to lock down information, the more susceptible it is to undetected abuse by those who do control it. And with data collection technologies becoming less and less obtrusive, soon there will be no way to know that it's happening at all--unless we can create a meme that will call for _more_ disclosure, not less. The solution is not to try to lock away public (or in some cases even private) records, but to make them more accessible to everyone. In essence, what he says is that it's more valuable to open everything up to everyone (providing a sort of check and balance environment) than it is to restrict knowledge to a few who may abuse it with impunity, protected by those same privacy laws. He does not state, but I believe that it is implied, that we really only have a brief window of time to accomplish this, before we lock things down to such an extent that recovering such freedoms becomes problematic.

    Not everyone will buy this--I'm not sure I do completely--but it's certainly worth considering the un-intended consequences of reactionary calls for secrecy.

  • Re:Requesting info (Score:3)

    by cube farmer ( 240151 ) on Friday November 10, 2000 @08:18AM (#632895) Homepage

    Start with the school district office (not the school site office, necessarily -- they probably won't have a clue what you're talking about). Generally, one person at the district office is in charge of public relations/public information. That person may be the superintendent or the responsibility may lie (pun intended) with a director of public relations or some similar title.

    Tell your contact you want to make a request for public records under the Freedom of Information Act (FOIA). There may be paperwork and a fee for document reproduction involved, which will vary from district to district. Depending on the district, your liaison will contact the appropriate staff person to obtain the logs, or may refer you to her directly.

    If the district resists your request, you now have precedent (at least in New Hampshire) in your favor. Have a good time!

  • Re:Why is this under 'privacy'? (Score:4)

    by kris ( 824 ) <kris-slashdot@koehntopp.de> on Friday November 10, 2000 @08:42AM (#632896) Homepage
    I like his argument, but his .sig really
    pisses me off. Slashdot's forum is a public
    place. Anything you say here can be quoted
    as if you yelled it on the streets of Miami.
    That is the result of public expression.

    Quoting, or more properly, citation, is covered under fair use. Look it up [templetons.com] at Brad Templeton's site: Myth 4, third paragraph:

    Fair use is almost always a short excerpt and almost always attributed. (One should not use more of the work than is necessary to make the commentary). It should not harm the commercial value of the work -- in the sense of people no longer needing to buy it (which is another reason why reproduction of the entire work is generally forbidden.)

    Also, by simple act of posting my comments here on Slashdot, I obviously implicitly allow copying of my content for the purpose of conducting a discussion on Slashdot. This includes viewing, printing, quoting, and all other uses necessary to have a discussion here on this site. Copyright law explicitly protects such uses.

    Use of my text outside of Slashdot, for example in a book published by Andover, or on a Best Of Slashdot CD-ROM, or in other places or for purposes other than discussion here on Slashdot requires a license. That is, I have to explicitly grant you the right to use my words.

    Copyright does not cover names, trademark law does that.

    Copyright does not cover ideas, patent law does that.

    So if you like what I write, but I would not grant you a license to use my words, you could always phrase the ideas I convey in your own words, or express them differently (i.e. using no words at all). That should be differently enough in order not to qualify as a derived work, though.

    And finally, when asked, I usually grant the license to use my words for free - completely, unaltered and with correct attribution as well as a pointer to my homepage. I do like to get 1-3 free reference exemplars of printed matter, and pointers to the sites where my words are hosted. Also, I will not grant license to use my words for free, if you sell them. If you make a living by selling my words and my works, I demand a sensible share of that money.

    If you want to read my words, and my works, please go to my homepage. You find it at http://www.koehntopp.de/kris [koehntopp.de]. I keep freely accessible online copies of everything I have written and deemed useful, whether sold or not. I make my contracts in such ways that I can maintain this website with my works so that you can access all my published articles [koehntopp.de] and USENET posts [koehntopp.de] as well as my [linuxdoc.org] open [netuse.de] source [php.net] projects [koehntopp.de].

    Copyright law may be not an ideal solution, and may be an annoyance sometimes. But there is (or at least was at some point in time) reason behind it and used sensibly and nonoffensively, it can be actually useful to protect the interests of the public as well as the interests of the author. Just try to think, and use Google, before you flame.

    © Copyright 2000 Kristian Köhntopp [slashdot.org]

  • That's where it starts... (Score:4)

    by crovira ( 10242 ) on Friday November 10, 2000 @04:39AM (#632897) Homepage
    What if somebody went to the public library and asked to see your reading lists?

    Just because someone hasn't reached the age of majority doesn't give anyone the right to traipse through records stripping them of any dignity or privacy.

    The next argument will be: Well why should we stop just because they've reached the age of majority?

    If its not tied to an individual person, what's the point? The school can also run the list through the IP filter to remove all traces of "unapproved sites" which might have been hit by who knows who?

    Major snoops and people who are that invasive about information use should be deprived from it for the very reason that the asked for it!

  • Requesting info (Score:4)

    by evanbd ( 210358 ) on Friday November 10, 2000 @04:46AM (#632898)
    OK, I would like to request info. What's the procedure? My high school engages in a (relatively effective -- they are very fast at changeing based on student input) censorware package. I would like to request the log files not to particularly do anything with them, simply to make it widely known that they are public. what is the procedure? I think this might have an effect on both the students and staff. Thanks in advance.

  • Why is this under 'privacy'? (Score:4)

    by w.p.richardson ( 218394 ) on Friday November 10, 2000 @04:22AM (#632899) Homepage
    Hello? If you access the internet via a public resource such as a school or publid library, then you shouldn't expect much privacy. As stated, these are logged and as such, are public property subject to the FOI act. Seems like a no-brainer.

  • Re:Why is this under 'privacy'? (Score:4)

    by billybob2001 ( 234675 ) on Friday November 10, 2000 @04:30AM (#632900)
    I don't expect a camera somewhere spying everything I do

    Nobody expects the Spanish Inquisition!

    Try looking up a bit more often. You're going to be shocked at how often you are on camera these days.

  • Re:Why is this under 'privacy'? (Score:5)

    by kris ( 824 ) <kris-slashdot@koehntopp.de> on Friday November 10, 2000 @05:30AM (#632901) Homepage
    I cannot tell you why you should expect privacy in the US when accessing the net via public ressources, but I can tell you why you should expect such privacy in Germany.

    In Germany, the supreme court has ruled that if a basic right can only be excercised in a way that the person exercising this right would feel monitored, threatened or otherwise limited while exercising that particular basic right in such a way that that person may decide not to exercise that basic right at all, then this is identical to an illegal takeway of such a basic right and therefore illegal.

    In the above library scenario that would mean: If you are using a public information terminal to exercise your right as an adult to browse arbitrary information sources and you must fear that your browsing history is being monitored and may perhaps be used against you, than this would be an illecal takeway of your basic right to free and unhindered access to public information. It may be okay or even necessary to monitor the internet connection of minors (judges are still out on this issue in Germany), but it is clear illegal to do such a thing on a public terminal when an adult is using that terminal.
    © Copyright 2000 Kristian Köhntopp [slashdot.org]

  • But where is the legal interest (Score:5)

    by gelfling ( 6534 ) on Friday November 10, 2000 @04:46AM (#632902) Homepage Journal
    The plaintiff has no direct interest other than a vague legal interest public policy, because, and this is important to understand, his own children are not in the public schools, are not the subject of this inquiry. The articles state that the plaintiffs own children are enrolled in PRIVATE school which specifically is immune from a legal challenge like this. So turnabout in this case is NOT fair play. We could not for example have the access records for his children made public because they are enrolled in private school and it is not a public policy issue.

    So in the end this where law and public policy are mismatched to the Net? Why you ask? Well in this case it's not much different that protesting outside of a family planning clinic. the law states that protests have to be a certain distance from the front door so that people going are not only physically prohibited but also that they are not subject to undue emotional stress, verbal abuse, etc. In the case here there is no physical separation so what we have in effect is a protest or vigil that has a chilling effect on using a facility without the protection from figuratively blocking the door.

    So the question you have to ask yourself is, is this challenge really about filtering software or is this challenge about using the facility at all. It would be interesting from a legal perspective to see whether this gentleman could be successfully prosecuted if he ever published and identifiable information on minors who access the Net. That is, let's say he is collecting this information in order to pressure the school or the students by publishing the names or addresses of sites they visit. If he refers to any identifaible attribute of a minors access, say, first initial last name could he be prosecuted under a law that bars divulging any information about minors without their guardians' consent?

  • Re:As a parent (Score:5)

    by Harri ( 100020 ) on Friday November 10, 2000 @06:04AM (#632903) Homepage
    Two things.

    Thing the first: The guy's children are _not at that school_, and he is requesting the log files for all of the children in the school. He does not have responsibility for any of those kids.

    Thing the second: You might have the legal right to go through your daughter's drawers. But I'm not convinced that you have the moral right. Why shouldn't she have the same right to privacy as you? I don't believe your "responsibility" for someone's upbringing suddenly gives you the right to go through their personal stuff.

  • sounds like a marketers dream (Score:5)

    by smaring ( 229775 ) on Friday November 10, 2000 @04:24AM (#632904)
    Wow. Free internet usage stats on a very specific and impressionable demographic. Advertisers are going to eat this up.

Slashdot Top Deals

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?

Close