FAQs - Information Technology Data and Security Privacy Policy
-
When might reasonable grounds exist to determine College-provided devices and/or service are being used unlawfully and/or in violation of College policy? For example, if anonymous blog post on blogs.muhlenberg.edu was reported to the Dean of Students as a violation of the Hate/Bias Policy, and that blog-post was created or transmitted over college-owned devices/network, the Dean of Students could pursue an investigation of the blog-post. The Dean would have to confer with the CIO to determine if reasonable grounds exist to investigate the origin of the anonymous post. If they find that reasonable grounds exist, then a document would be constructed detailing what type of investigation would ensue, including what records would be accessed. The CIO would assign OIT staff to the investigation according to their expertise.
-
When might there be a “concern for public safety” that would allow OIT to access personal data/information on College-provided devices or services? For example, the FBI calls campus and says they need to know whether a person has logged on to the System from campus - this individual is, in principle, using the College network appropriately, but this person has also issued verbal threats against another member of the community. This policy allows (but does not require) the CIO to work directly with the FBI, after conferring with a second college administrator to confirm “reasonable grounds”. The committee felt this criterion was necessary to account for emergent situations that posed an immediate threat to the safety of our community.
-
My scholarship/creative activity is controversial and requires online research and/or presentation of my work. Will my scholarly/creative work be censored under this policy? No. Scholarly and creative activity is protected under this policy. Furthermore, user activity on the network is not actively monitored. In the event that a product of scholarly/creative work was “reported” to OIT as “an alleged violation,” (see Expectation of Privacy) such an allegation would have to come from another individual in the community or from external law enforcement officials. The procedures for investigating such an allegation are outlined above under Expectation of Privacy.
-
Does the College know where I am because my mobile phone is connected to the network? Yes, and no. The fact that your mobile device is connected to the College network means that its location is passively logged by way of a unique IP address. However, this policy stipulates that information cannot be used to determine an individual's location, except under specific circumstances (see Expectation of Privacy).
-
I encountered questionable material on a public computer in a campus computer-lab. I think the material is illegal. What should I do? Report the incident to OIT. The procedures for investigating such an allegation are outlined above under Expectation of Privacy
-
Can OIT take control of my college-owned computer without my express permission? No. OIT has tools that allow for “remote support” whereby support staff can control another computer. However, the user must accept a “request” for remote access. OIT cannot take over another computer nor access its files without consent other than for the reasons cited above (see Expectation of Privacy).
-
Can OIT see what files I download? No. OIT has no visibility into the content of traffic, merely the traffic itself. We know that the web is being used, but not what files are downloaded during a web session.
-
Can OIT track what I am doing on the network? Through passive logging, information is collected that make it possible to determine user activity, but this policy prohibits acting or accessing such data other than for the reasons cited in Expectation of Privacy. It is possible to determine that a specific user has been engaging in peer-to-peer file sharing, for instance, because traffic for those applications appears differently than for web browsing. We are able to tie a specific person to specific activities through a combination of multiple logs, such as our firewalls, routers, and switches.
-
Can I have a College-provided computer or device that is not managed? No. Reliability and security demand that OIT be able to manage all college-owned hardware with centralized software. It is against policy to disable this software or otherwise inhibit our management capabilities. OIT is not permitted to implement any technology that compromises or exposes personal information, scholarly or creative activity or intellectual property for any user other than for the reasons cited in Expectation of Privacy.
-
Updates to my college-owned computer happen at the most inconvenient times! Is OIT controlling when my computer updates? For Windows machines, OIT does not push updates, rather OIT management of college-owned device ensures updates are turned on. As for the timing, security updates are forced by the operating system, but the user still has to agree to the updates. For instance, while Windows might ask for a restart, one can postpone until a more convenient time. Macintosh computers receive updates directly from Apple on Fridays between 8PM and 5AM, with a forced reboot 60 minutes following the update.
-
Does the college monitor activity for copyright compliance in my scholarly and creative work? Copyright compliance is the responsibility of the individual and the college recognizes that respecting intellectual property, both in one’s own creations of the mind as well as in the educational processes of the college, is fundamental to ensuring progress in science and the arts. Trexler Library serves as a resource for faculty, students, and staff in the use of copyrighted material in their teaching and work, as well as in the necessary steps in managing one’s own copyright. Neither Trexler Library or OIT can provide legal counsel nor do they actively monitor activities that relate to copyright. Please refer to the Campus Copyright Policy for additional information and guidance.
-
Can I encrypt or password-protect a portion of my OIT managed hardrive so it is visible to only me - the user of the computer? In Windows, you can encrypt a folder, but you cannot password protect it. Other users, even administrators, will not be able to access your files. In Macintosh OS X, you can encrypt and password-protect a folder. Once the user encrypts and password-protects (if applicable) a folder, they alone can access that area of the computer. This also means that OIT cannot help if the user loses or forgets the password or if the data become corrupted. This is a potential strategy for faculty collecting data on human subjects who are seeking approval of the Institutional Review Board. If you wish to encrypt a region of your hard drive, please contact OIT for instructions and for a consultation on how encrypting a portion of your hard drive limits the support you can receive from OIT.