Should MIT policies on the collection, provision, and retention of electronic records be reviewed? Questions for the MIT communityShould MIT policies on the collection, provision, and retention of electronic records be reviewed? Commenting Closed 10 Comments Given the recent revelations Submitted by firstname.lastname@example.org on Thu, 2013-09-05 13:22 Given the recent revelations on the NSA, it would be wise (I believe) for MIT review the polices on the collection, provision, and retention of electronic records, with the intention of minimizing such records. Best Jim Bales For precisely the reasons Submitted by email@example.com on Thu, 2013-09-05 16:44 For precisely the reasons given by the Review Panel, I think the answer can only be 'yes'. Among the eight issues raised in this report, though, I would not put this one in the top four. I agree with Jim. I think we Submitted by boneye on Fri, 2013-09-06 17:11 I agree with Jim. I think we should not help the NSA unless the Supreme Court (not FISC, which does not have the authority it claims) demands it. That is what "legal compliance" should mean to an adversarial, freedom-loving campus. The Institute's keeping and sharing of such electronic records led to a death of a smart young man, and his impending imprisonment under archaic laws. I should fucking hope you're reconsidering the policy: is even one life worth making publishing companies happy? see reply to previous Submitted by sternlight on Sat, 2013-09-07 00:39 see reply to previous question. Correction--see reply to Submitted by sternlight on Sat, 2013-09-07 00:40 Correction--see reply to following question. Sequence keeps jumping around Submitted by sternlight on Sat, 2013-09-07 00:43 Sequence keeps jumping around. See reply to CFAA question. Yes obviously because your Submitted by jimad on Sat, 2013-09-07 11:38 Yes obviously because your own review clearly shows that you do not know what you are doing nor why. Even my local dentist's office has a better understanding of the issue of records retention and protection. Yes. MIT has been a leader Submitted by dpreed on Sun, 2013-09-08 15:25 Yes. MIT has been a leader in the past in thinking about policies regarding information about individuals that are captured and stored in computer databases. But times have changed a great deal - the "Big Data" revolution has demonstrated that misuse is becoming easier, that the cost of capturing "sensor data" (recorded communications, behavioral tracking, ...) and recording/indexing it forever is now far less than the cost of "cleaning" or removing data about people and their activities. Also, MIT's very complex relations with large data-seeking entities creates an immense conflict of interest, such that MIT has difficulty NOT handing that data over to others who exert a small bit of pressure. The report reveals how easily a person acting without clear authority (the Secret Service agent) was able to earn trust and acquire access to sensitive data dumps on a relatively large scale. It also reveals that MIT apparently has no policy other than that provided by an "Outside Counsel" to act on such matters or to determine its own policy. This represents an amazingly low quality managerial culture, depending on others to set policy without any particularly effective discussion of its ramifications. MIT represents the interests of many diverse entities who share the campus. It is not, per se, an agent of the US Government, and therefore must have its own views, and it must both formulate them and have a defense for them that is not determined merely by "the government told us to do it". On many issues, this is true. On the matter of stored records and data collection, apparently this is not true, or is true no longer (since I believe that in the 1970's MIT spent a great deal of effort on such institutional issues). Yes! Submitted by jjb9_85 on Sun, 2013-09-08 15:54 Yes! Yes. The report shows the Submitted by firstname.lastname@example.org on Wed, 2013-09-18 09:45 Yes. The report shows the need for greater clarity within MIT on what conditions their personal data and private communications will be disclosed to third parties.