Saturday, September 22, 2007

Re: When you find a hacker...

My understanding is that institutions do own their email systems and =
privacy is not assured. Boston Public Schools does monitor email to some =
extent. Financial institutions monitor employees email to be sure they =
are not disclosing sensitive or illegal information. If you have cause, =
you have the right to read them.=20
=20
However, once users or outsiders hack into someone else's private email, =
that is a crime. Using a software keylogger here, a student logged =
everything a teacher typed, including their emails. That immediately =
broke federal wiretapping laws. The Secret Service notified me that once =
I realized what was in the logs, I should immediately stop reading them =
and turn over everything to the police. If I continued to read the logs, =
I was potentially also breaking these laws and participating in the =
crime. They seized the hard drives and took over.
=20
Those were the parameters of what occurred here. I hope that is helpful. =
I would refer to lawyers or local authorities for a complete explanation =
of laws. Most now have Internet fraud and corruption divisions that are =
versed in this area and can investigate hard drives, etc.
=20
Cathy Meany
=20

________________________________

From: A forum for independent school educators on behalf of Keith E =
Gatling
Sent: Sat 9/22/2007 8:43 AM
To: ISED-L@LISTSERV.SYR.EDU
Subject: Re: When you find a hacker...

On 9/19/07, Meany, Catherine <cmeany@boston.k12.ma.us> wrote:
>
> FYI: Accessing others' email is a federal crime covered by wiretapping
> laws. You should know that once you discover this breach, beyond the
> initial discovery, you will also be liable for breaking this law if =
you
> access emails or even read stolen emails. Stop immediately and contact
> the authorities.
>

This piece here sounds very interesting, and I'd like to get this =
clarified
before I put this out to all of my students. In particular, what exactly =
is
meant by "accessing others' email"? Is this just the obvious breaking =
into
the account, or does it also cover messing with someone's email that =
they
left open for a moment while they went to the bathroom?
And realistically, what can we legally do if we don't know who the =
cretin
was who sent the questionable email from the naive/lazy student's =
account?

More important, the couple of students I mentioned this to want to know =
does
this mean that *the school* can't legally look at or mess with their
*school-hosted* email? I suspect that we can because it's on our =
servers,
just as any business can look into what's on their servers.

I would suppose that "spoofing" another student's email address is about =
as
illegal as putting someone else's return address on a snailmail letter - =
not
very (Or is it? I'm often surprised by what's illegal.).

--
keg

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * =
* *
Keith E Gatling - Computer Instructor
Manlius Pebble Hill School
5300 Jamesville Rd
DeWitt, NY 13214
315.446.2452
http://www.gatling.us/keith

Some teachers teach subjects. Others teach students.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * =
* *

[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a Creative Commons license.

[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a Creative Commons license.