Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[ISN] IT departments must cope with Patriot Act, university CIO says
From: InfoSec News (isnc4i.org)
Date: Wed Aug 04 2004 - 12:47:57 CDT
By John Cox
Network World Fusion
Nearly three years after its enactment, the USA Patriot Act remains
not just a political but also a technological issue on many college
Unprepared or ill-prepared schools can find themselves facing network
problems, service disruptions, and in the worse case FBI agents
driving onto the campus with subpoenas to haul off PCs, servers, and
computer log data.
IT groups can minimize the potential disruptions of Patriot Act
investigations by taking the lead on campus to pull together legal
counsel, administration, and faculty to craft a clear process for
handling investigations that will become more common, says Peter
Siegel, CIO at University of Illinois at Urbana Champaign.
Siegel spoke this week at the annual conference of the Association for
Communications Technology Professionals in Higher Education (ACUTA)
meeting in Chicago.
"The status of dealing with the Patriot Act in higher education is
very mixed," Siegel said. "Some people say, "What does this have to do
with IT?" Others say, "We have [network] security professionals who
work closely with law enforcement agencies." There's not much in
between, where you find people just ramping up [to deal with the Act].
For one thing, it's very hard to get people to share information about
Siegel pointed out to his audience that while the Patriot Act is new,
it doesn't actually introduce new legal instruments or actions.
"Every component of the Patriot Act was present in previous law," he
said. "But just not often used. Now, it's more likely that a Patriot
Act incident will start or end or, especially, go through your
Siegel said the act does, however, lower the bar on judicial oversight
on searches and seizures. But oversight is still required: seizing
records or doing electronic surveillance requires a subpoena issued by
"It allows [electronic] searches without requiring the person [under
investigation] being notified, for an undefined 'reasonable time,'" he
Schools may find themselves drawn into a Patriot Act investigation
even if those being investigated are not actually students or
employees of the school. The school's network and computers may be
hijacked by someone halfway around the world to attack a third
location. "You need a solid policy," Siegel told his audience. "If
it's 2 a.m. and your network is being used to attack another
university or a private company, who gets called?"
Investigations under the act often require a complete information
blackout. IT groups are forbidden to tell the subjects they're being
investigated, or even acknowledge that an investigation is under way.
One result is that you can't call network colleagues at another school
and ask them how they handled a similar event.
Law enforcement agencies may direct IT groups to take certain actions
or to not take actions, either leading to network problems. They may
be ordered to leave compromised or damaged computers and networks
untouched while the investigation is under way. "This can disrupt work
patterns," Siegel warned. "A given subnet could be taken offline or
required to stay online… and you can't explain why to the [affected]
Investigators could require some network or computer log data to be
preserved up to 180 days. But what if parts or all of that data is, by
IT policy, automatically deleted every 10 days, Siegel asked.
Siegel urged his audience to bring together the campus players, such
as legal counsel, appropriate provosts or deans, campus police, and
others, who will be involved if any Patriot Act investigation is
launched. Hammer out solid policies with clear responsibilities, and
good lines of communication. Identify the personnel who will act as
the leaders in an incident and train them in "customer relations" - in
working knowledgeably and cooperatively with both the campus community
and outside law enforcement.
Cultivate trust and relationships with local police, state
investigators, and local FBI offices, Siegel recommends. "If there's a
new FBI agent that joins the local office, invite him over for coffee
and talk with him," he says. "The real issues are really not
technical, but [about] people. And they are solvable."
Help InfoSec News with a donation: http://www.c4i.org/donation.html