Death Threat Woes

Sarah Crary Gregory sgregory at lclark.edu
Mon Oct 27 13:28:47 EST 1997


The ISP where my personal account resides was simply used as a remailer
by someone sending threats to the White House earlier this year - it
was pretty obvious from the messages that they originated elsewhere and
were simply rerouted through our small local provider as a lame attempt
at disguise. As a good friend of the sysadmin/token JD, I spent about
a week helping him find a *very* good federal lawyer, and then interpreting
the lawyer's instructions for him. 

It was pursued with relentless seriousness, even after it was patently
obvious even to the FBI that our local folks had nothing to do with it.
The sysadmin's biggest hurdle was in his refusal to simply hand over
all of the mail archives and backups that the FBI had originally 
requested. He was ultimately successful in preserving the integrity 
and privacy of the files, but only after much legal wrangling and
pretty conclusive proof that none of his users had been involved. Without
such a clear trail left by the perpetrator, he'd likely have been forced
to turn everything over - possibly including the hardware running the
ISP itself.

Since then, that ISP has been retrofitted with insanely high levels
of security to prevent such misuse, and the sysadmin has authenticated
the identity of each of his subscribers. Some complained about having
to provide proof of identity, but compared to having the mail spool
compromised, it's a small price to pay.

We've done nothing even remotely comparable here, but in theory we could
track down users by date and time of the message plus a terminal ID, IF
the request was made before backups were overwritten.

>   - what kind of records does the library keep on web service users (and 
> why);

all users must have a login and password to access a machine, and each
machine has a distinct address on our network. we can tell if jblow
logged onto a specific computer Tuesday at 4pm, for example.

>   - does the library allow use of browser email as a document delivery 
> option;

yup.

>   - do you have a policy on "about:global" or other search history data 
> (how long do you keep it, can it be linked to a user, etc.?)

i don't know how long the data's kept; my guess is that it's not long
at all. 

as a private institution, we undoubtedly grant our users more
access than public libraries might find reasonable - we have all sorts
of punishments to hold over the heads of anyone who might do something
really stupid like send death threats to the White House (getting kicked
out of law school would be a start).

> > How obligated are libraries to keep records of Internet workstation use?  
> > Should we be scanning library cards into a spreadsheet and keeping track 
> > of times and specific PCs?  How long should such records be kept?  Who's 
> > entitled to see them?  

Frankly, if you're not prepared to turn all of those records over to
the FBI on demand, I'd be inclined to not keep them at all. Whatever
records you have can be claimed and taken. Privacy concerns? Argue them 
all you want... after you turn over the records.

(This is NOT legal advice, mind you...just my experience dealing with
something similar.)

-- sarah


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
* Sarah Crary Gregory, Reference Librarian   sgregory at lclark.edu*
~ Boley Law Library, Northwestern School of Law                 ~ 
*   of Lewis & Clark College                                    *
~ Portland, OR  97219                        503.768.6740       ~
*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*



More information about the Web4lib mailing list