Administrator Ethical Dilemma

© Copyright 1996 by John Halleck

"Administrator" Dilemma - Part One


In order to insure normal service operations, the site administrator and the operators of a computer system have access to the entire system. This means that there is not really ANYTHING on a computer that is truly private. (Files are usually protected from other users, but not from the system folks). The upshot of this is that computer sites have to trust the people in charge. These people can do anything on the system, including delete or create or read files, reroute mail, edit the log files, etc.

Many network programs (mail for example) pass off to people things with which they can't deal. So, if somebody mistypes an address badly enough, the postmaster of the machine gets a copy of the headers of the message (and possibly the message itself).

The upshot of this is that all kinds of "funnyness" tends to get dumped in their laps regularly, and they sometimes end up knowing all kinds of little facts about some of their users. Their system privileges allow them to investigate further if they think there is a need.

Most sites are VERY careful about who receives system privileges. Many sites will go so far as to pull system privileges away from anybody they suspect of wrongdoing, even without proof. Other sites just assume that this risk is a necessary evil, and don't worry about the people in charge.

The views of Nick Klaws (Site administrator for machine Mega.Pseumata at Whasamatta U.)

"We get a lot of students cheating here, so we keep close tabs on what they do. When we saw that Joe's account had a usage pattern much different than everyone else in his class, we went in to see what he was up to.

We found that he was (Take your pick...)

and we deleted the files and tossed him off of our machine. It's our machine, and we can do what we want with it. There is no law against what we did.

If you stored your papers in a bin on my desk, and I looked into them because I thought there might be a problem, nobody would think it odd. Well, that machine is on my desk, I thought there might be a problem, and I looked through them."

The views of Joseph Blow (the student who was tossed off the machine):

"If you wanted to search my locker or room, you'd have to get a search warrant. Just because there is no specific law that says you have to get a warrant for the computer files does not make it right.

There is an expectation of privacy when we put things into our private files."

Why is this a COMPUTER ethics problem and not just a common ethics problem?

The handling of most computer actions is far ahead of any laws on the subject. It is only very recently that any laws have covered how people handle files on their own systems. As late as the early 1990's administrators could read anyone's mail for any reason (even entertainment) without breaking any laws whatsoever. There have been a number of laws passed recently that cover parts of the issue, but many situations are still unclear, or the laws concerning them are still untested. For people working for commercial companies there are still very few legal privacy protections.

Part 2

Joseph Blow:

"Without a computer account, I can't pass my computer classes, and I can't graduate. Your actions effectively toss me out of the university without a hearing, and without recourse.

They claimed there was no law against what they did. But by the same token, there is no law against what I did.

In any non-computer activity, the university has to abide by due process. There have to be hearings. There is always review before action is taken. Who elected you folks God, that you are not bound by the kinds of restraints that everyone else is?"

Nick Klaws:

"If you are not going to follow the rules on our machine, you don't get to use our machine. It is not our fault if this causes you problems with your classes.

Having a computer down for even a few hours causes serious problems.

Having to wait for days before taking action could often mean that we would have to work months cleaning up the mess.

The normal university procedures CAN'T be completed in less than a week. Even if they could, the university administrators don't understand the issues and we spend days getting the ideas across. In cases such as chain letters, for example, we might have to act immediately to prevent the system from becoming totally unusable."

Blow's Lawyer (hereafter B):

"Do you have any proof that Mr. Blow caused the problems that caused him to be denied computer access?"

Whasamatta U's Lawyer (hereafter U):

"We have the logs of the usage, copies of the files involved, and even a copy of the electronic mail Mr. Blow sent admitting the violation before he knew how much trouble he was in."

Lawyer vs. Lawyer

B: "These are all printouts of files on the computer?"

U: "Yes."

B: "Doesn't Mr. Klaus have the ability to read and write EVERY file on the system, including the files that you brought as evidence?"

U: "Yes, but he did not alter those files."

B: "How do you know?"

U: "The log file shows no such tampering."

B: "Isn't that log file itself one to which he has access?"

U: "Yes."

The problem here is that EVERY file on the system is accessible to the site administrator, and they generally leave no tracks when they change a file. ("What, the 'last written date' shows I edited it? No problem, I'll just set that date back...")

Even electronic mail to other sites is not tamper-proof. Any good postmaster can forge mail from anybody to anybody. With care the forgery is totally undetectable.

If you always believe the administrator, you will effectively concede to him or her the ability to take advantage of anybody at any time for any reason.

But if you always believe the student, you will effectively give the student the ability to get away with anything he or she wishes to do, including violation of serious laws.

Anything on the system can be faked (often the student also can fake items...), and there is no evidence of it, on or off the system.

Go to ...

This page is
© Copyright 1996 by John Halleck
This page was last modified on April 7th, 1999