Skip to main content

Advertisement

SpringerLink
Log in

Managing university internet access: balancing the need for security, privacy and digital evidence

  • Original Paper
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

The provision of high speed, reliable Internet access and the ability to support secure and flexible on-line systems for research, teaching and administration has become critical to the success of Australian Universities. An exponential growth in Internet traffic has led to ever increasing costs for the provision of these services at a time when most Australian Universities have been experiencing tighter budgetary conditions. Significantly, alongside these financial concerns, Universities have started to recognise the emergence of a range of other issues related directly to the nature of on-line behaviours engaged in by the diversity of users that Universities are now expected to support. These on-line behaviours are challenging Universities to find responses to balancing users’ right to privacy and freedom of speech with the need to protect against legal action arising from criminal, illegal or inappropriate behaviours by some users on University networks. As part of the responses being developed, many Universities have introduced Internet Management Systems (IMS), similar to the systems used by many Internet Services Providers (ISPs). This paper presents a case study on the experience of the University of Tasmania (UTAS) in introducing an IMS. The case study covers the period from the initial ‘call for proposals’ through to the deployment of the new IMS system. The paper highlights that decisions pertaining to the IMS systems have direct implications for balancing the competing rights, interests and requirements of different stakeholders. More specifically the case study highlights the impact of the changing nature of users’ relationships with the Internet and the need for vigilance on the part of users, network administrators, service providers and policy makers. The dangers of failing to get the right balance are presented and the paper argues for the importance of user education, change management and communication throughout the University and its broader community of users. The paper also briefly considers how Australia’s planned accession to the Council of Europe’s Convention on Cybercrime may impact on these issues. More broadly, this paper suggests that additional changes will emerge as IPV6, companies like Google and cloud computing architectures reconfigure individual users relationships with ‘their’ information and access to the Internet. These developments will continue to transform the meaning of concepts such as ownership and control, privacy and freedom of speech within and beyond on-line environments.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Sony Music Entertainment (Australia) Limited v University of Tasmania.: FCA 532 (30 May 2003). Federal Court of Australia (2003)

  2. Sony Music Entertainment (Australia) Limited v University of Tasmania.: FCA 724 (18 July 2003). Federal Court of Australia (2003)

  3. Sony Music Entertainment (Australia) Limited v University of Tasmania.: FCA 805 (29 July 2003). Federal Court of Australia (2003)

  4. Sony Music Entertainment (Australia) Limited v University of Tasmania.: FCA 929 (4 September 2003). Federal Court of Australia (2003)

  5. Broucek, V.: Forensic Computing: Exploring Paradoxes—an investigation into challenges of digital evidence and implications for emerging responses to criminal, illegal and inappropriate on-line behaviours. School of Computing and Information Systems, PhD, pp. 299. University of Tasmania, Hobart (2009)

  6. Broucek V., Turner P., Frings S.: Music piracy, universities and the Australian Federal Court: issues for forensic computing specialists. Comput. Law & Secur. Report. 21, 30–37 (2005)

    Article  Google Scholar 

  7. McCullagh, A., Caelli, W.: Extended case note and commentary: Sony Music Entertainment (Australia) Limited & others v. University of Tasmania & others [2003] FCA 532 (30 May 2003). Comput. Law J. (53). Available at http://www.nswscl.org.au/journal/53/McCullaghCaelli.htm (2003)

  8. Federal Government of Australia. http://www.foreignminister.gov.au/releases/2010/fa-s100430.html

  9. Council of Europe.: Convention on Cybercrime. In: Europe, C.o. (ed.) European Treaty Series—No. 185. Council of Europe, Budapest (2001)

  10. Personal Information Protection Act 2004 (No. 46 of 2004). Tasmania, Australia (2004)

  11. European Parliament, Council of the European Union: Directive 2002/58/EC—Directive on Privacy and Electronic Communication. Off. J European Commun L, pp. 37–47 (2002)

  12. Bita, N.: Privacy laws get internet update. The Australian. Nationwide News Pty Limited (2010)

  13. Privacy Act 1988 (Act No. 119 of 1988). Australia (1988). http://www.comlaw.gov.au/

  14. Broucek, V., Turner, P.: E-mail and WWW browsers: a forensic computing perspective on the need for improved user education for information systems security management. In: Khosrow-Pour, M. (ed.) 2002 Information Resources Management Association International Conference, pp. 931–932. IDEA Group, Seattle Washington, USA (2002)

  15. Biskup, J., Flegel, U.: On pseudonymization of audit data for intrusion detection. Workshop on design issues in anonymity and unobservability, vol. 2009, pp. 161–180. Springer, Berlin, Heidelberg, Berkeley, California (2000)

  16. Biskup, J., Flegel, U.: Transaction-based pseudonyms in audit-data for privacy respecting intrusion detection. Third International Workshop on Recent Advances in Intrusion Detection (RAID 2000), vol. 1907, pp. 28–48. Springer, Berlin, Heidelberg, Toulouse, France (2000)

  17. Biskup, J., Flegel, U.: Threshold-Based Identity Recovery for Privacy Enhanced Applications. In: 7th ACM Conference on Computer and Communications Security (CCS 2000), pp. 71–79. ACM, Athens, Greece (2000)

  18. Jorns O., Jung O., Quirchmayr G.: Transaction pseudonyms in mobile environments. J. Comput. Virol. 3, 185–194 (2007)

    Article  Google Scholar 

  19. Lundin E.: Anomaly-based intrusion detection: privacy concerns and other problems. Comput. Netw. 34, 623–640 (2000)

    Article  Google Scholar 

  20. Lundin, E., Jonsson, E.: Privacy vs intrusion detection analysis. The 2nd International Workshop on Recent Advances in Intrusion Detection (RAID’99), Lafayette (1999)

  21. Lundin, E., Kvarnström, H., Jonsson, E.: Generation of high quality test data for evaluation of fraud detection systems. The sixth Nordic Workshop on Secure IT systems (NordSec2001), Copenhagen, Denmark (2001)

  22. Sobirey M., Fischer-Hübner S., Rannenberg K.: Pseudonymous audit for privacy enhanced intrusion detection. In: Yngstrom, L., Carlsen, J. (eds) IFIP TC11 13th International Conference on Information Security (SEC’97)., pp. 151–163. Chapman & Hall, London, Copenhagen, Denmark (1997)

    Google Scholar 

  23. Clayton, R., Danezis, G., Kuhn, M.G.: Real World Patterns of Failure in Anonymity Systems. In: 4th Information Hiding Workshop 2001, Holiday Inn University Center, Pittsburgh (2001)

  24. Broucek V., Turner P.: Risks and solutions to problems arising from illegal or inappropriate on-line behaviours: two core debates within forensic computing. In: Gattiker, U.E. (eds) EICAR Conference Best Paper Proceedings, pp. 206–219. EICAR, Berlin (2002)

    Google Scholar 

  25. Hannan, M., Turner, P.: The Last Mile: Applying traditional methods for perpetrator identification in forensic computing investigations. In: Conference The Last Mile: Applying Traditional Methods for Perpetrator Identification in Forensic Computing Investigations (2004)

Download references

Author information

Authors and Affiliations

  1. School of Psychology, University of Tasmania, Private Bag 30, Hobart, TAS, 7001, Australia

    Vlasti Broucek

  2. School of Computing and Information Systems, University of Tasmania, Private Bag 87, Hobart, TAS, 7001, Australia

    Paul Turner

  3. IT Resources, University of Tasmania, Private Bag 69, Hobart, TAS, 7001, Australia

    Mark Zimmerli

Authors
  1. Vlasti Broucek
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paul Turner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mark Zimmerli
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vlasti Broucek.

Additional information

An earlier version of this case study was published in proceedings of the 19th Annual EICAR Conference 2010.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Broucek, V., Turner, P. & Zimmerli, M. Managing university internet access: balancing the need for security, privacy and digital evidence. J Comput Virol 7, 189–199 (2011). https://doi.org/10.1007/s11416-010-0147-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-010-0147-z

Keywords

Search

Navigation