Ever feel a twinge of guilt when Web browsing or passing along the latest batch of email jokes to friends? Are you breaking any rules if you do this from a UCLA workstation during your workday? While courts have ruled in many cases that employers have a right to see workers' email, is this applicable at UCLA? Such ticklish questions fall under the purview of a UC-wide policy governing all forms of campus electronic communications, including voicemail, faxes, Web-surfing and more.
That policy, enacted in November 2000, was one of the topics covered in a wide-ranging discussion of cyberlaw, cybercrime and their impact on an individual's right to privacy, intellectual property and free speech. To update the campus, BruinTech — a new program launched by Associate Vice Chancellor Jim Davis of Information Technology to bring information about IT to techies and non-techies alike through a central portal — convened a panel of cyber-experts for the first of a series of seminars July 19 at Korn Convocation Hall.
Participants included Stuart Biegel, UCLA senior lecturer in education and law; Assistant U.S. Attorney Arif Alakhan; FBI Agent Ken McGuire of the Los Angeles Cyber-Crime Squad; UCLA's IT Security Administrator and Policy Coordinator Kent Wada; UCLA Police Department Detective Tony Duenas; and UCLA Campus Counsel Ruth Simon.
At UCLA, as elsewhere, incidents of defacement of campus Web pages, denial-of-service, virus attacks and other forms of intrusion are becoming more frequent, noted Wada of Administrative Information Systems. But the need for security is being balanced at the University by the need to protect personal privacy and the open exchange of information. "The University has placed really high barriers to make sure that personal privacy is protected as well as it can be," said the Security Administrator.
For example, to look at an employee's email, a supervisor must obtain that person's consent or the approval of a vice chancellor, who can authorize it for a very limited number of reasons as specified in the UC Electronics Communications Policy. Managers may have legitimate reasons to see an employee's email, such as when someone is on vacation or sick and vital information is locked away in an email box. To avoid this problem, Wada advised managers to consider setting up email accounts based on function and accessible by multiple employees rather than depending on an individual's account.
Can employees use UCLA workstations for personal reasons? According to the policy, personal incidental use — surfing the Web or emailing jokes — is permitted, just as using the office phone to call home is allowed, Wada said, as long as these activities are not abused.
Here are other caveats provided by panelists and the UCLA Medical Enterprise Information Security:
Do not accept "remember password" options on even secure sites. Provide as little information as possible when asked to supply personal data. And never agree to store credit card information online.
Be careful when accepting downloads. You place yourself and the University at risk when you install or operate unlicensed software on UCLA PCs.
Always close your browser when you're finished using the Internet. This will terminate active connections to remote Web sites.
Do not put anything in an e-mail that you wouldn't write on a postcard. If it's sensitive, pick up the phone and call.
(featured in UCLA Today - August 26, 2001, by Cynthia Lee, UCLA Today Staff)