Looking at CITES

In June, independent market research company eMarketer released a study that showed the average American spends 23 hours a week online. More than 70 percent of users spent that time checking and updating Facebook, Twitter and Instagram at least once a day. Users also reported spending nearly eight hours a week checking their email. With such a plethora of personal information posted online, it’s no surprise that Americans felt violated when former government contractor Edward Snowden leaked the details of PRISM, a National Security Agency program designed to collect and analyze Internet data under the guise of protecting Americans from foreign threats.

While all Americans were suspect to having their Internet use monitored by the government, young Americans were particularly at risk of having their Internet privacy violated. A study conducted in May by the Pew Internet & American Life project showed that 89 percent of Internet users from the age of 18 to 29 used social networking sites such as Facebook and Twitter.

Given college students’ high use of social media and the Internet, concerns frequently crop up regarding privacy. But what kind of of oversight are students subject to when using the University network?

There are two main methods of collecting data on Internet usage: network traffic monitoring and packet sniffing. Both methods provide different types of information. Network traffic monitoring provides information about the connections a computer makes on a network (such as the duration of the connection and the IP addresses involved), and packet sniffing provides log files, or the contents of the transmitted data (such as emails and Facebook messages), on the connections the computer makes.

At the University, CITES oversees the majority of the University network used by students and faculty. They manage the network based on the campus Policy for Appropiate Use of Computers and Network Systems.

The policy states that CITES is allowed to disconnect any users from the network if they detect illegal activities or that the user is a security threat. Despite the concerns about the NSA’s privacy-infriging program, CITES does not go to such far lengths to monitor the University network. In fact, according to the CITES’ chief privacy and security officer, Michael Corn, CITES only uses network traffic monitoring to determine if any misuse of the network occurs.

While it does not reveal the data transferred through the connection, network traffic monitoring measures the duration of the connection as well as the amount of data transferred.

“There are certain machines that will be compromised with a virus, and they will start scanning the network looking for other machines that are vulnerable. We detect all those connections — we don’t see the content of that scan — but we see that the connection took place. A normal machine may talk to another machine when its making a web request, but suddenly you have one machine that is suddenly connecting to 15,000 computers on campus. That’s suspect, and it might help us out in our investigation,” Corn said.

Corn also stated that the University does value the privacy of its students and faculty and does not using packet sniffing to collect the content of data transferred on the University’s network. In fact the data collected by the network traffic monitoring is only stored for 30-60 days and is mostly used for identifying areas of the network that require greater growth and support.

While there is still the possibility of abuse with the data collected from network traffic monitoring, the benefit of such data collection outweighs the risks. John Myrda, assistant IT specialist at Engineering IT on campus, revealed that monitoring network traffic has helped Engineering IT protect its network and prevent abusive users from compromising the network for other users.

“We often restrict ports when we see unusual traffic like BitTorrent,” Myrda said. “That’s because traffic like that would hammer the firewalls and cause slowdowns in network traffic for everyone.”

Despite these reassurances, Internet service providers have long collected network traffic monitoring data on their users, as CITES does. But the revelation of the NSA’s data collection this summer proved that the government could gain access to these databases at whim. Even large Internet companies like Facebook and Google were forced to cooperate and allow access to their large databanks.

CITES fully cooperates with law enforcement agencies during their investigations, and it does make efforts to protect the privacy of its users.

“Periodically we’ll get requests from various government agencies, and they’ll say ‘We’re in the middle of an investigation, and we found this IP address on your network doing something bad,’” Corn said.

He explained that most of the requests for data they receive are limited in scope, and CITES does its best to further limit that scope. “I feel very comfortable that we protect the kind of information we collect about the network and activity on the network tremendously” Corn said. “And I hope people appreciate that.”

Brian can be reached at [email protected]