Re: [SAGE] Internet History tool

[Ruth Milner <rmilner@nmt.edu>]

Aaron Bridge wrote:

> This would be ok for long term, but I only have four hours.
 > This is a very confidential assignment.  Nobody in the office
 > is to know what I am doing.

Unless the company has a well-established and well-publicized policy
which states that a) employees have no right to expect privacy on
company computers and b) such audits may be conducted at any time,
this could indeed be a nasty squirmy bag of worms (as Etaoin so
graphically put it :-) ). You might do some research on legal
decisions, particularly on the distinction between ownership of
data on company computers vs employee monitoring.

So get a printed copy of that policy along with the recommended
written authorization to do this work. If there isn't one, or they
decline to give you either of these, I would personally be inclined
to pass on the job if I possibly could.

And even if you have all that, consider what could happen if the
sysadmins there have system auditing enabled. If they find
apparently-unauthorized access(es) and start digging, will the
person who has authorized this work be in the chain of incident
reporting where they can plausibly drop or explain it? Could one
of the higher links in that chain be, or be connected to, the true
target of the analysis, and become suspicious about it? (This is
one of a very few reasons I can think of why their own admins
aren't doing it, the others being incompetence or the use of
outside auditors as SOP.)

I see a lot of ways this could end up causing a real stink, and in
most of them that stink could well reach you - weeks, months, or
(given the U.S. legal system) even years down the road.

Ruth