Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: Is a portscan of a machine malicious/illegal/unfriendly?
Next Document: Why do some people get so upset when system penetration is called "hacking"?

Do they have the technical ability? Yes. Your packets go through their equipment. Your packets are identified with your IP address, and they contain the IP address of the destination; your ISP's routers need to know the destination IP addresses to be able to route your packets. The data you send (e.g. passwords, mail message contents, URLs) is also all easily available, in the body of the packets. If you use www.anonymizer.com (in its non-cryptographic mode), the URL you request is still just as available in the outgoing packets. If you use some form of encryption, e.g. ssh, they could still at least tell the destination, even if the contents are unreadable.

In general, encryption is the only way to render at least the contents unsnoopable, and only then if the encryption and decryption are both done on machines which the overseers DON'T control, and plain text is not transmitted on any networks on which the overseers have machines or are able to attach machines. If you use their computers (including if you run the encryption program on a unix machine operated by them), then everything you do is available to them, theoretically.

But perhaps you were asking "*May* my ISP monitor X": is it allowed, is it ethical. I think most sysadmins would feel that once there is reasonable suspicion that you are acting improperly (breaking into computers, violating the acceptable use policy, etc), it is ethical for the admins to take a closer look. It's unlikely that it's *illegal* for them to look at your stuff or what you're doing, although there are some exceptions. Under certain court orders or subpoenas, it may be illegal for them *not* to look at your files or what you're doing. Many believe that inquiry without grounds for suspicion and without a court order is unethical.

This is a potential topic for discussion in comp.security.misc and comp.security.unix, but posters should refrain from the argument that "they paid for it, they can do what they like with it" (which is sometimes advanced in the case of employers or educational institutions). This is surely false in general and thus not the basis for a convincing argument. For example, if they do something criminal with their equipment, it's a criminal act and they can be charged criminally; it doesn't matter that they paid for it. Similarly, if they do something unethical, it's unethical even though they paid for it.

The whole concept of professional ethics is based on the idea that ethics transcends legality: the idea that an action can be legal but unethical. If "they paid for it" means that all legal acts are ethical, then you've pretty much defined away the whole idea of professional ethics. *That* is probably best not attempted on comp.security.misc/unix.

Send corrections/additions to the FAQ Maintainer: flaps@dgp.toronto.edu (Alan J Rosenthal)
Last Update March 27 2014 @ 02:11 PM
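
The technical point of the answer above (addresses and any unencrypted body are readable on the path, while encryption hides only the contents) can be seen by decoding two packets the way intermediate equipment would. This is an added example, not part of the FAQ; the function names, addresses and payloads are assumptions constructed for illustration.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def on_path_view(packet):
    """Return what any router or tap between the endpoints can read."""
    ihl = (packet[0] & 0x0F) * 4                 # IP header length in bytes
    proto = packet[9]
    src, dst = (socket.inet_ntoa(packet[i:i + 4]) for i in (12, 16))
    view = {"src": src, "dst": dst, "proto": proto}
    if proto != 6:                               # only TCP is decoded here
        return view
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_off = (packet[ihl + 12] >> 4) * 4       # TCP header length in bytes
    payload = packet[ihl + data_off:]
    # Heuristic: a body that is almost entirely printable ASCII is plain text.
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    readable = bool(payload) and printable / len(payload) > 0.9
    view.update(sport=sport, dport=dport, payload_len=len(payload),
                readable=readable,
                text=payload.decode("ascii", "replace") if readable else None)
    return view

# Constructed samples: documentation-range addresses, made-up payloads.
HTTP = build_packet("192.0.2.10", "198.51.100.7", 40000, 80,
                    b"GET /inbox?user=alice HTTP/1.0\r\nHost: mail.example\r\n\r\n")
# Stand-in for ciphertext (e.g. an ssh session): fixed non-text bytes.
SSH = build_packet("192.0.2.10", "198.51.100.7", 40001, 22,
                   bytes((i * 73 + 41) % 256 for i in range(64)))

if __name__ == "__main__":
    for name, pkt in (("plaintext", HTTP), ("encrypted", SSH)):
        print(name, on_path_view(pkt))
```

In both cases the source, destination, ports and payload size are recovered; only the body of the second packet is opaque.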