References

It is not possible to list all the legislation which applies to the work of system and network Administrators. However the following Acts are particularly relevant to the activities covered by this charter.

• The Regulation of Investigatory Powers Act (2000) and the secondary Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
• The Data Protection Act (1998)
• The Human Rights Act (1998)
• The Data Protection Act (1998)
• The Regulation of Investigatory Powers (RIP) Act 2000: Email and Telephone Monitoring
• The Office of the Information Commissioner publishes advice and guidelines from time to time, for example on Monitoring at work
• JISC have published Senior Management Briefing Papers which discuss the specific implications of legislation for the education community

A selection of examples have been written to illustrate how the charter might be applied to particular situations.

Modifying or deleting information

Mail loops/quota problems

Two common situations cause problems for electronic mail systems: users who forward mail to themselves (thus creating a loop) and users who run out of quota on their inbox. In both cases the mailhub responsible is likely to be affected, potentially degrading the service to other users. This is therefore an operational problem. An Administrator is entitled to remove the offending configuration, or move mail out of the full mailbox. A copy of the moved information should be left available to the user, and the user informed as soon as possible.

Deleting messages from mailboxes

Administrators are sometimes asked to delete messages from mailboxes belonging to other users. This is almost invariably for policy reasons, and involves the destruction of information held by a third party. Such actions must be Authorised individually by Management.

Removing published information from a web server

Although this is a similar situation to the previous example, there is an additional legal complication. If material that is defamatory, breaches copyright, etc. is published on a web or other server, then the owner of the server may be held liable for the publication. For this reason any organisation with public servers is strongly recommended to have a formal procedure for preventing further distribution of such material if a complaint is received. This is commonly known as a 'take-down procedure'. As there are likely to be legal implications for the organisation, take-down procedures should not be left to Administrators to write. Administrators receiving complaints about defamatory or copyright material on servers should always bring these to the attention of the Management. File permissions can usually be changed to prevent further distribution without destroying the information.

Using logfiles

Investigating service failures

The job of a Administrator is to ensure that the system is available for Authorised users. Where faults or misuse threaten the availability of the service, for example if there is an unusual load or unexpected failures, then they are expected to investigate this. This is likely to involve examining relevant logfiles or network traffic. As the problems are concerned with the operation of the system, an Administrator may investigate without seeking specific permission, however any information discovered that is not relevant to the investigation must be treated as confidential.

Investigating receipt of inappropriate e-mail

If a local user complains about a particular e-mail they have received then there should be no problem in requesting their explicit permission for any inspection of their mailbox or files that may be necessary. Checks may also be needed on the logs of mail and other servers through which the message may have passed. If the mail has caused an operational problem then it should be dealt with as described above; if not then it will normally need to be dealt with as a policy matter. Before checking the logs of systems with multiple users, a warning should have been published that the logs may be examined for such purposes. Some e-mails may involve illegal content - these should be reported to the Management as soon as possible.

Using cache logs to trace fraud

A rather common request to operators of web caches and other proxies is to use their logs to trace illegal activity, for example the use of stolen credit card numbers to buy goods. Since such activities are criminal, there should be no difficulty about helping law enforcement officers in their investigations. Note however that any personal data should only be released through the proper procedure as laid out in the Data Protection Act 1998. For criminal investigations the Police should provide a section 29(3) form as part of their request for information to satisfy the requirements of that section of the Act.

Using cache logs to monitor user activity

Cache logs can also be a fruitful source of information about user activity but, unless the activity is criminal or has caused an operational problem, such investigations must be treated as a policy matter. Users must therefore be informed in advance that such monitoring may take place. If the Administrator is not confident that this has been done they must not obtain or provide access to the information. Logs must only be used as part of specific investigations and not for general "fishing trips".

Monitoring use

E-mail monitoring

Some organisations wish to monitor the content of e-mail or other traffic in or out of their networks to check compliance with policies. Users should always be informed of the likelihood of such monitoring as a condition of use of the network. Policy monitoring that results in messages being seen by people other than the sender and recipient is illegal if users have not been informed, and Administrators should not be expected to participate in such monitoring unless they are sure that this has been done.

Screen/keyboard monitoring

Systems exist that can remotely monitor the screens and keystrokes of individual workstations. Such systems have the potential to be extremely intrusive and should be implemented, if at all, with extreme caution. One useful application is to allow the user to demonstrate a problem to a remote helpdesk; any such systems should always be under the user's control and it must be made clear before using them how to start and turn off the remote monitoring. Users must be informed of the possibility of such monitoring, and any information obtained must be treated as confidential.

Virus checking

Many organisations automatically scan e-mail messages for viruses. If this scanning is done by computers, and provided the process does not reveal the content of messages to Administrators or others, then there is no invasion of privacy and no obligation to notify users. However it is good practice to inform users of such systems, if only to forestall complaints when an infected message is detected.