[liberationtech] Concerns with new Stanford University security mandate

Andrés Leopoldo Pacheco Sanfuentes alps6085 at gmail.com
Mon Jan 27 01:49:21 PST 2014 

Guido,

" Identity Finder: It gives a baseline scan for all files that contain
personal identifiable information, like credit card numbers"
IMHO, & w/o knowing details of the sw, the statement sounds like a
compulsory violation of an individual's privacy by "The Institution"

"(that should never be on anyones computer at all, not even your own credit
card number) and SSN (likewise)."
This is like saying "Don't have a wallet!" Disagree. IMHO, correct answer:
devices used by persons should be secure, and no "Institution," no matter
how "benign," should have compulsory access to personal information stored
on them. The Institution may even own the device, but it doesn't own
personal information of its employees that happens to be on its devices.
Asking an individual to separate "personal" and "business" information is
schizophrenic. Your wallet contains both your personal and corporate credit
cards! How about your health insurance card? Driver's license? Passport?
 On Jan 26, 2014 11:05 PM, "Guido Witmond" <guido at witmond.nl> wrote:

> On 01/26/14 10:20, Tomer Altman wrote:
> > To Liberation Tech:
> >
> > Stanford is implementing a new security policy detailed here:
> >
> > http://ucomm.stanford.edu/computersecurity/
> >
> > I am personally very concerned about steps #2 and #3. BigFix is
> > basically a back door managed by IBM that gives them and Stanford
> > control over your device. The IDF tool effectively means that the
> > Stanford administration can continuously search your personal laptop
> > for any objectionable material.
> >
> > While there are some technical cases where one may be exempt from
> > these new requirements, the way that it is being pushed out at
> > Stanford is making people believe that they cannot use their cell
> > phones or laptops on campus (i.e., connecting to the Internet,
> > checking Stanford email, calendars, etc.) without agreeing to all of
> > these requirements.
> >
> > I fully support Stanford improving security on their own computers
> > and networks, but installing a backdoor and surveillance systems on
> > personal laptops seems to cross a line for me. Especially in an
> > institution devoted to open inquiry. Especially in light of the mass
> > surveillance revelations this past year.
> >
> > I tried reaching out to the EFF, but did not receive any reply.
> >
> > I expressed by concern to the Stanford administration. They replied
> > to a few of my emails, but it left me with more questions than
> > answers.
> >
> > I am asking for advice from the community on whether this kind of
> > encroachment has any precedents.
> >
> > I'm also curious to hear people's thoughts on this matter.
> >
> > Thank you in advance,
> >
> > ~Tomer Altman
>
>
> Dear mr Altman,
>
> From the link:
>
> No more Windows XP: Good riddance.
>
> BigFix: the missing package manager for Windows. What every self
> respecting unix/linux/bsd/etc system already has. Good.
>
> Identity Finder: It gives a baseline scan for all files that contain
> personal identifiable information, like credit card numbers (that should
> never be on anyones computer at all, not even your own credit card
> number) and SSN (likewise). Good.
>
> Encryption: Good.
>
> Central file backup: Good.
>
>
> Anything in that document shows the intention of solving many
> IT-problems that PC-users face all the time, whether they realise it or
> not.
>
> And the university does not make it mandatory for private devices.
>
> By taking these measures the university take responsibility for any
> breaches that happen from now.
>
>
> There is one question remaining: do you trust the university to handle
> this responsibility?
>
> The answers to that will become clear with how they react when they find
> unneccesary PII on a computer. To whom go the reports of
> Identity-finder? How are they going to deal with it.
>
> The intentions may be good, it's all about the actions.
>
>
> Good luck with it.
>
> Guido.
>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140127/07ee3a37/attachment.html>

More information about the liberationtech mailing list