Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Got a Legal/Moral Situation

  1. #1
    Join Date
    Jan 2007
    Location
    Cupertino, California
    Posts
    2,130

    Default Got a Legal/Moral Situation

    So as some of you may know, I am only 16. Recently, while using the computers at school, I was confronted by the Librarian because one of my passwords had "inappropriate" language in it. My first question was, why do you know my password, the next was, "Aren't key logger's illegal?"

    So here I am, after much research, I have discovered that, yes, key loggers, active or passive, are illegal to use without the other party's consent/knowlage. Not only did I get in trouble for my password, but upon questioning the legality of the system in place, it was considered "disruptive" and I got in trouble for that.

    Now my problem with this. They have logged and recorded every keystroke I have made, and that includes eBay, paypal, and other passwords protecting sensitive information like buyer's addresses and names. Second, this information is not secure at all and with my laptop on the network at school, I am able to download these logs from the server. This very much angers me and I would like to do something about it. I have already talked to the principal and she says that if I can 100% prove that illegal actions are being committed, there will be changes. She says that as far as she knows, the schools are not exempt from federal laws and that the use of a active key logger would be in violation of this.

    So, I don't know weather to just drop the issue or peruse it until something is changed. I would very much like to just have the software removed and the logs deleted, but I know that that will not happen without a good motivation.... What's your take on the issue?
    CLICKY!!!

    Admin: In the immortal words of Captain Planet: YOU HAVE THE POWER
    Admin: (To quit being a bitch)

  2. #2
    Join Date
    Jan 2006
    Location
    Charleston, SC
    Posts
    2,147,489,446

    Cool

    Ordinarily, you might have a case, but here's the rub: It's a school.

    That's the key. You don't have an expectation of privacy on a school network - at least not for anything below the college level. (And maybe not even there - see recent disputes between the RIAA and various colleges over filesharing students' identities.) They are expected to monitor your activities in order to maintain order and discipline in the school.

    While it might seem to be a stretch to extend that to a keylogger, remember that the school provides a connection to the Internet for you to learn, not for you to conduct business on E-bay. There isn't any reason for you to be making payments with PayPal during school hours, either. So yeah, I can completely see them coming away clean on this. Remember that the wiretapping statute (which the keylogging rule is a subset of) is only applicable in cases where the other person has a reasonable expectation of privacy.

    Consider this: Even at work (where I am now), the Internet connection is only supposed to be used for "business purposes". (Yeah, right. ) They know damn well that people go to Amazon and E-bay from time to time. But they *could* crack down on that behavior any time they wanted. (And no, just because they don't block it at the firewall doesn't mean it's OK to go there. The blanket policy of "business use only" covers them. Besides, some managers might be buying business-related stuff...)

    Also, I know that *all* my e-mail messages from work are pre-scanned for profanity before they are sent, and anything that gets caught by the bot is automatically bounced back to me with the offending word(s) highlighted. I imagine some IT drone gets a copy as well, but so far I haven't heard anything about the couple messages that have been bounced so far. Still, there was *never* any mention of e-mail monitoring in the computer use agreement that I signed when I took the job. It's just one of those things that "the man" can do to you if he wants to be a prick. (And believe me I was damn surprised when that first message got bounced!) So there's a type of keylogger that is in use WITHOUT my explicit permission, but because it's a work computer that is supposed to be used for business purposes, there isn't a reasonable expectation of privacy. (I'm not supposed to be doing private things at work.) So they're in the clear...

    In your case, I don't think you can claim that you had a reasonable expectation of privacy at school. In the post-columbine era, a school is expected to look out for the safety of the students, and I'll wager most parents would applaud the school's keylogging efforts. (I wouldn't, but I'm not "most parents". ) As for your client's information that may have also been compromised, I'd say they're going to fall back on the "don't use the network for non-school purposes" excuse. And again, I'll bet that most parents will agree with the school 100%.

    Bottom line: do your business at home on your own Internet connection. There you *do* have an expectation of privacy, and if you could ever prove that your ISP is running a keylogger you would have an iron-clad case. But not in school.

    Another work-around would be to purchase a cellular air-card for your laptop. You can get all-you-can-eat data-only plans for around $30 per month - maybe less even. (Talk to Allthatwhichis and see if he can hook you up with a deal; he works for Sprint/Nextel) Then you can surf all you want and be assured of privacy.

    But really, if you're in school - even on your lunch break - you ought to be working on school work and not buying stuff on E-bay. If you want to snipe auctions that end during the school day, sign up for an account on auctionsniper.com.

    My $.02 anyway... IANAL.

    Adam

    PS: Personally, I think it sucks, and I feel your pain. But I also think you're fighting a loosing battle here. What do your folks think? (Or don't you want them to know about you surfing the 'net while you're at school?) Also, I'd be *very* careful about pointing out that the logs on the server are accessible to students... Granted, it means they have non-existent network security, but school administrators don't like to be told that by 16-year old students. Especially 16-year old students that have already been labeled "disruptive". Not saying it's right - just saying "watch your ass". Getting your parents involved (assuming they're technical enough to understand network security) will help your case a lot.

  3. #3
    Join Date
    Jan 2007
    Location
    Cupertino, California
    Posts
    2,130

    Default

    Quote Originally Posted by Buffo View Post
    Ordinarily, you might have a case, but here's the rub: It's a school.

    That's the key. You don't have an expectation of privacy on a school network - at least not for anything below the college level. (And maybe not even there - see recent disputes between the RIAA and various colleges over filesharing students' identities.) They are expected to monitor your activities in order to maintain order and discipline in the school.

    While it might seem to be a stretch to extend that to a keylogger, remember that the school provides a connection to the Internet for you to learn, not for you to conduct business on E-bay. There isn't any reason for you to be making payments with PayPal during school hours, either. So yeah, I can completely see them coming away clean on this. Remember that the wiretapping statute (which the keylogging rule is a subset of) is only applicable in cases where the other person has a reasonable expectation of privacy.

    Consider this: Even at work (where I am now), the Internet connection is only supposed to be used for "business purposes". (Yeah, right. ) They know damn well that people go to Amazon and E-bay from time to time. But they *could* crack down on that behavior any time they wanted. (And no, just because they don't block it at the firewall doesn't mean it's OK to go there. The blanket policy of "business use only" covers them. Besides, some managers might be buying business-related stuff...)

    Also, I know that *all* my e-mail messages from work are pre-scanned for profanity before they are sent, and anything that gets caught by the bot is automatically bounced back to me with the offending word(s) highlighted. I imagine some IT drone gets a copy as well, but so far I haven't heard anything about the couple messages that have been bounced so far. Still, there was *never* any mention of e-mail monitoring in the computer use agreement that I signed when I took the job. It's just one of those things that "the man" can do to you if he wants to be a prick. (And believe me I was damn surprised when that first message got bounced!) So there's a type of keylogger that is in use WITHOUT my explicit permission, but because it's a work computer that is supposed to be used for business purposes, there isn't a reasonable expectation of privacy. (I'm not supposed to be doing private things at work.) So they're in the clear...

    In your case, I don't think you can claim that you had a reasonable expectation of privacy at school. In the post-columbine era, a school is expected to look out for the safety of the students, and I'll wager most parents would applaud the school's keylogging efforts. (I wouldn't, but I'm not "most parents". ) As for your client's information that may have also been compromised, I'd say they're going to fall back on the "don't use the network for non-school purposes" excuse. And again, I'll bet that most parents will agree with the school 100%.

    Bottom line: do your business at home on your own Internet connection. There you *do* have an expectation of privacy, and if you could ever prove that your ISP is running a keylogger you would have an iron-clad case. But not in school.

    Another work-around would be to purchase a cellular air-card for your laptop. You can get all-you-can-eat data-only plans for around $30 per month - maybe less even. (Talk to Allthatwhichis and see if he can hook you up with a deal; he works for Sprint/Nextel) Then you can surf all you want and be assured of privacy.

    But really, if you're in school - even on your lunch break - you ought to be working on school work and not buying stuff on E-bay. If you want to snipe auctions that end during the school day, sign up for an account on auctionsniper.com.

    My $.02 anyway... IANAL.

    Adam

    PS: Personally, I think it sucks, and I feel your pain. But I also think you're fighting a loosing battle here. What do your folks think? (Or don't you want them to know about you surfing the 'net while you're at school?) Also, I'd be *very* careful about pointing out that the logs on the server are accessible to students... Granted, it means they have non-existent network security, but school administrators don't like to be told that by 16-year old students. Especially 16-year old students that have already been labeled "disruptive". Not saying it's right - just saying "watch your ass". Getting your parents involved (assuming they're technical enough to understand network security) will help your case a lot.
    I totally understand that I have no expectation to privacy, but the loophole in that is we signed a document stating the rights of Admin and Students. Careful reading shows that nowhere does it say that keystrokes may be logged.

    The reason they gave for the problem with my password was that it could be "disturbing" to the people next to me. True, if they can read an encrypted Cisco hash, they might be offended. They should not be looking at the screen in the first place and also second, in no why would they have been able to read what I typed.

    If the school informed the student body that they were logging every key stroke that would be one thing. I would be fine with that as long as they are not stored in a location with the password "default". Common! This is just stupid that there is nothing we can do about it!

    True there is no reason I have to log into paypal or eBay at school. But then again, there is no reason I should be afraid to do so! Als, why would they be reading my password!

    My parents have heard the entire story from the dean and they agree with me that what happened was total BS.

    And then on top of all that, the thing that really pisses me off. I get called disruptive for trying to nicely find out what my rights as a student are!
    CLICKY!!!

    Admin: In the immortal words of Captain Planet: YOU HAVE THE POWER
    Admin: (To quit being a bitch)

  4. #4
    Join Date
    Jan 2006
    Location
    Charleston, SC
    Posts
    2,147,489,446

    Cool

    Well, you're walking a thin line, but that document you signed might help your case. If it didn't specifically mention "school-use only", and didn't have any draconian language about the school doing any monitoring, you *might* be able to buffalo them with your parent's help.

    Mind you, I still don't think you woud win if it ever went to court, but you might be able to argue vehemently enough that the school backs down and purges the log files at least. Sounds like that would be an acceptable compromise.

    The whole "disturbing to others" line is complete BS and sounds like it was made up on-the-spot, so you've probably got them on the defensive already. But be careful. If they get too threatened, they'll lawyer up, and then you're probably hosed.

    If you can get them to agree to purge the log files, then I'd talk to them about security. Be honest, be helpfull. Volunteer to show them where they've totally screwed up. Maybe you can work with them instead of against them in the future. But again, you're going to want your parents standing right there with you when you present this. (I hope your Mom and Dad can talk tech...)

    As for getting rid of the keylogger? Good luck. That's going to be a damn hard case to win. Consider the extreme: A kid is planning a Columbine-style shootout and sends IM's to his buddy via the school's computer system. After the tragedy occurs it's discovered that the school had a method in place to intercept and read these messages, and possibly act on them to prevent the shooting, but they deactivated it over concerns of student privacy with regard to E-bay and Paypal passwords...

    Yeah, it's a shamefully biased example, but that's how it will play in the mainstream media. That's what you're fighting pal...

    Adam

  5. #5
    Join Date
    Apr 2007
    Location
    Toronto Canada
    Posts
    1,120

    Default

    They must inform you or your parents about the fact that everything is being logged. Otherwise it's not legal. If they did inform you about the fact. Well they have a full right to do whatever them pleased. But complaining about the password to be a swear word. LOL. Do they have no more things to do.
    I hired an Italian guy to do my wires. Now they look like spaghetti!

  6. #6
    Join Date
    Dec 2006
    Location
    Pflugerville, TX, USA
    Posts
    1,977

    Default

    Even if you win you won't win anything. So, unless you just want to make a big stink I'd recommend that you just move on and watch what you do on the school computers. I bet that if you did decide to pursue it you could really turn a lot of heads and even get regional or maybe even national coverage of the incident... but 16 yrs old should haven't to worry with that stuff. Go back to having fun and chasing girls and messing with lasers.

  7. #7
    Join Date
    Apr 2007
    Location
    Toronto Canada
    Posts
    1,120

    Default

    Quote Originally Posted by carmangary View Post
    Go back to having fun and chasing girls and messing with lasers.
    Amen to that!

    Girls
    beer (ohh 16... energy drinks then) and lasers...

    Oh I have to go to do that rightnow.
    I hired an Italian guy to do my wires. Now they look like spaghetti!

  8. #8
    Join Date
    Jan 2007
    Location
    Cupertino, California
    Posts
    2,130

    Default

    Well, everything is riding on the response I get back from the Principal. I believe that this is not an issue about proving I'm right, but informing people about what is really going on in the school. If this does turn out to be something I can prove is illegal, I will take this to the district and get something done about it. I don't care if it is moral or not, it's illegal and that's what matters.
    CLICKY!!!

    Admin: In the immortal words of Captain Planet: YOU HAVE THE POWER
    Admin: (To quit being a bitch)

  9. #9
    clandestiny's Avatar
    clandestiny is offline Eleventy-Billion Watt Ar/Kr >:)
    Join Date
    Dec 2006
    Location
    somewhere between orlando and san antonio
    Posts
    557

    Default

    If you really want to stir the shit on this, call the chairman of your local ACLU chapter. you may even get your 5 minutes of fame on cnn.


    dont taze me bro- lol
    go big or go home

  10. #10
    Join Date
    Nov 2005
    Location
    Melbourne, Australia
    Posts
    3,702

    Default

    Quote Originally Posted by Buffo View Post
    You can get all-you-can-eat data-only plans for around $30 per month - maybe less even.
    WTF? We pay $30 for 1g here
    KVANT Australian projector sales
    https://www.facebook.com/kvantaus/

    Lasershowparts- Laser Parts at great prices
    https://www.facebook.com/lasershowparts/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •