community software lab computer icon
Status Reports from Cadre-Politics
May 16 2007
April 29 2007
April 17 2007
January 15 2007
December 30 2006
December 16 2006
November 29 2006
November 07 2006
October 23 2006
September 30 2006
September 19 2006
August 23 2006
August 01 2006
July 17 2006
July 09 2006
July 03 2006
We're People People Too
Laura

Valid XHTML 1.0!

Privacy Policies

If these privacy policies conflict with city, state or national law or our Terms & Conditions, the law and our Terms and Conditions will take precedence.

Auditing

All use of special privileges such as would be needed to access to private information is logged. A report of this log is generated every night and emailed to interested and responsible parties.

If you would like this report (sample) emailed to you every day to help us keep to our privacy policy, please email us at help@thecsl.org.

It may also be possible for you to view this report for particular days, or to run the report yourself, or to examine the source code of the script that generates the report.

Given that this report may contain potentially private or security related information, we reserve the right to determine who may view it.

Files stored on our system

On rare occasions, we examine private files stored on our system. We do this in order to comply with the law, your reasonable requests, the reasonable requests of the management of your organization and to insure the security and stability of our services.

As a practical matter, we examine fewer than 1 in 15,000 email messages not addressed to us.

In most cases, you have an email account with us because you work with a non profit organization. Our loyalty is that organization. If your boss asks us to look at your email or to forward it someplace else or to cut off your access without notification, we will do that.

For example, an organization we serve has two groups of employees. One group is required to view confidential medical reports for their work, one group is not. On at least four occasions, reports with information about client mental health were sent to the wrong people. We went into people's mail boxes and removed the messages without notification

For example, in 2003, we were flooded with email viruses contained in zip files. We didn't have the ability to scan the zip files. For a time all emails with zip files attached were diverted to a mailbox monitored by a human being. Of the 1000 or so messages diverted each week 1-3 were not viruses. Picking out the non virus messages required that we read them.

Right now our virus scanning system handles zip files and rejects email that has a virus or can't be scanned. In most cases, virus email isn't saved on our hard drives. Sometimes after anti-virus signatures are updated, we re-scan email folders and move emails with viruses out. It has probably been since 2006 that we've examined a virus email by hand.

Viewing of log files

To increase our understanding of the system and to satisfy our curiosity, we frequently examine log files

With some exceptions, we tend to treat the contents of log files as we would AIM away messages, finger information, who information and whois information. To cooperate with law enforcement officials, maintain security or maintain stability, we may disclose the contents of log files to third parties.

Examples of information contained in log files include: who has sent you email, who you have sent email, where you were when you accessed our system and what time(s) you have accessed our system.

Unless we believe that release of log file information will in some way harm you or third parties, we may disclose it to third parties for reasons not related to law, security, stability or our terms and conditions. For example, we might send virus scan logs to people who write anti-virus software.

Command Logging

For security reasons all commands everyone runs are logged to /var/log/auth.log. We have the ability to view reports of any command you have run on our system.

Once this logging allowed us to catch somebody trying to break into our system.

We treat logs of commands run as we do other logs

Use of email addresses

We do not sell email addresses to third parties.

If we reasonably believe you would wish your email address to be shared, we may share it. For example, if your co-worker calls and asks for it.

If we need to cooperate with law enforcement officials or to otherwise maintain system security or stability, we may share your email address with third parties.

Employees, contractors and volunteers

In most cases, you can expect the same privacy as a regular user of our system.

We may look at your private files to find work related information. For example to find a phone number. This sort of examination happens rarely if ever.

Unless you are absolutely sure you are working to maintain security, stability or our Terms and Conditions, do not use your privileges to violate somebody's privacy.

When it is necessary to invade privacy, do so with as little intrusion as possible. For example, grep for specific subjects instead of reading entire messages.

Do not attempt to bypass privacy and security logging.

Abuse of your position may cause you to lose your position or to be subject to legal action.

< 2005-06-05 created dm > < 2007-04-05 updated dm change: we now reject (most) spam and viruses at delivery time instead of quarantining it>