Friday, February 22, 2008

Union on sharing of passwords at SJSU

This is an Email from Dennis Fox that was sent to staff employees at SJSU. Fox is a Network Analyst for the networking group in University Computing & Telecommunications at SJSU and is the Chief Steward for the SJSU chapter of the California State University Employees Union, the staff employees union at SJSU. Fox sent this Email in his role as a union steward:

It has come to the attention of the Union that some managers/supervisors are asking their employees to provide username and password information for email and computer accounts and voice mail PIN numbers for voice mailbox access. Everyone needs to be aware that sharing this information with anyone is a violation of University policy and should never be done.

I will cite three references here to demonstrate that you are required by the University to keep this information to yourself and to show that anyone requesting this information is asking you to violate campus policy.

The policy "Privacy of Electronic Information and Communications" makes a clear statement about the privacy of email and files stored on computers, "All electronic mail and files in authorized accounts stored on any campus computing systems shall be considered to be private and confidential, except as required by state or federal law." See http://www.sjsu.edu/senate/f97-7.htm for the complete document.

The "Information Technology Resources Responsible Use Policy" tasks every individual with the reponsibility to keep their passwords secure and secret, "In accordance with California State Penal Code Section 502, CSU's 4Cnet Acceptable Use Policy and other policies and laws, activities and behaviors that threaten the integrity of computer networks or systems are prohibited on both University-owned and privately-owned equipment operated on or through University resources. These activities and behaviors include, but are not limited to:
. . .
4. Negligently or intentionally revealing passwords or otherwise permitting the use by others of University-assigned accounts for computer and network access. Individual password security is the responsibility of each user. The user is responsible for all uses of their accounts, independent of authorization." The full text of this policy is available at http://www.sjsu.edu/senate/S02-8.htm

The California State University "Policy on E-mail Privacy" states, " 1. All authorized e-mail accounts stored on the CSU telecommunications network shall be considered to be confidential.
2. Requests for access to these accounts or disclosure of confidential information, for any purpose other than technical problem resolution will be reviewed by the senior Academic Affairs Officer, and honored only when required by state or federal law, or when there is probable cause to suspect illegal activity."

The Union encourages any employee who has been asked/ordered to provide electronic access information to contact a Union steward. Please let us know who requested this information. If the request was in writing we would appreciate a copy. If you have already supplied this information, we encourage you to change your passwords to secure your accounts. The Union will attempt to work with University management to bring a halt to password requests of this nature.

Technorati Tags: , , , , , , ,

No comments: