On Friday 26 February 2010 10:42:37 am Alex Esplin wrote:
> The problem at hand with regards to Andrew's reasonable expectation of
> privacy is that it would have been just as easy (perhaps easier) for
> them to simply inform him that his email raised a flag and ask for his
> input, instead of immediately reading it, then contacting him.

Based on what I understand from the case (Andrew, can you confirm?), the trigger was fired by Snort. Snort simply looks at packets going back and forth, runs them through some rules, and fires a warning. In this case, a transmission on known email ports carried certain text that looks like a response to a phishing scam. At that point, a person has to recreate the transmission (which means looking at the whole email) and determine what happened. That's how it's done with current technology.

> If it
> was deemed a high-level-risk flag, they could always just quarantine
> the message until he verified that it wasn't malicious and (in this
> case) he knew very well that it was a joke.

If I understand correctly (again, I'll defer to Andrew) the email was sent from his personal email account to the CS email system. OIT doesn't control the CS email system, and Snort is not sophisticated enough to sniff something suspicious and then, as the communication is happening, inform the two communicating systems to say "something is fishy."

> For me, the issue (and
> the "wrongness" associated with it) is not that they're monitoring,
> it's that they are monitoring so much more intrusively than they need
> to be.

And that is the eternal dilemma!

--
Alberto Treviño
BYU Testing Center
Brigham Young University