CLASSE-IT Privacy Statement
The CLASSE-IT group takes the privacy of its users' electronic data very seriously, and we make every reasonable effort to protect the data stored on CLASSE-managed computers and our networked filesystems. As custodians of university information, all IT group members adhere to the Unversity Information and Confidentiality Annual Agreement
and all the university policies referenced therein.
In order to set baseline expectations for data privacy, we would like to point out that:
- In the course of performing maintenance requested by a user, or as part of a security incident investigation, CLASSE-IT group members may find it necessary to gain access to individual computers and files. We do so only with the cooperation of the user or with permission from lab management.
- We have the ability to observe the amount and type of traffic on our network, as recorded in activity logs.
- As a laboratory that focuses on collaborative research, we maintain relatively open default file permissions on our networked filesystems.
Details on these and other privacy issues are given below. If you have any concerns, please open a ServiceRequest
or come talk to any member of the CLASSE-IT group for clarification.
Administration of CLASSE-managed computers
CLASSE-IT group members exercise the utmost discretion in administering CLASSE computer systems, and we do not directly access anyone's computer or files without due cause. However, as part of managing the lab's computers, we have set up automated processes that apply updates and configuration changes over the network on a regular schedule, as well as report hardware and software inventories to a central database. Also, when performing maintenance on or troubleshooting a particular computer, we may find it necessary to review disk usage and activity logs on that computer. These logs may include information about which files were accessed when and by whom.
Networked filesystems and backups
The vast majority of our networked filesystems
, which we also refer to as "central storage", are Linux filesystems. Our samba service (used mainly on Windows and Mac), is simply a front-end interface to these Linux filesystems.
Users who are new to the Linux operating system and networked computing environments may be unfamiliar with how file permissions are handled. When a file or directory is created on our networked filesystems, the default permissions are set such that the file or directory can be seen and read (and executed, for binary files) by anyone with a CLASSE account, but it can be written to or modified only by the owner. In particular, this is true of Linux home directories and top-level user directories (/nfs/user or \\samba\user shares). This openness of access is common to computing at large labs (CERN, Fermilab, SLAC, etc.).
Every user has control over the permissions on the files and directories that he or she owns; access can be restricted or expanded at will. For assistance with setting file permissions, please submit a ServiceRequest
Note that user directories contain a "private" directory (/nfs/user/userid
/private or \\samba\user\userid
\private), which, by default, is readable and writable only by the owner. When given permission by the owner or by lab management, CLASSE-IT group members have the ability to access private directories only by exercising system administrator privileges.
Also, we perform regular archival tape backups of many central filesystems, such as home directories and user directories (with "private" directories included). Therefore, we cannot guarantee complete removal of files; persistent copies of a user's files may likely exist on tape, even after they have been deleted from disk.
Use of the CLASSE network implies acceptance of Cornell University policies
and CLASSE guidelines
for acceptable use of computers and networks. During the normal course of operations, neither CLASSE-IT nor Cornell IT support staff has access to the content of traffic flowing on our networks. However, both CLASSE-IT and Cornell IT have installed network security monitors that detect unusually high traffic volumes; large changes in network traffic can sometimes indicate a security breach. When such a spike is detected, we may contact the user of the computer involved and/or the user's supervisor for more information.
As an additional security measure, web browsers on CLASSE-managed computers are configured by default to use our caching proxy server
that blocks many web advertisements (e.g. Google Ads). Such advertisements are frequently used for malware distribution. Known email phishing links and malware downloads may also be blocked.
Finally, access to CLASSE computers and restricted CLASSE services requires logging in with one's CLASSE username and password. Login attempts and other network connections (ssh, sftp, etc.) to and from CLASSE computers are recorded in our network activity logs.
Managed antivirus software
In compliance with the Cornell University Policy on Information Security
, we have deployed managed antivirus (AV) software on CLASSE-managed computers. With managed AV, client computers connect to a central server to send and receive software and configuration updates, virus definitions, log information, and remediation of security issues. The use of AV software also entails regular scans of all files on a computer to check for malware. If a file is flagged by the AV software, we are automatically notified, and details of that file will be logged. In some cases, we may submit a copy of the identified file to our AV vendor for further analysis. In all such security incidents, we work closely with the users involved or with lab management to ensure proper handling of the user's files.
Confidential data scanning
To ensure compliance with the CLASSE Policy on Confidential Information
, which prohibits any long-term storage of confidential data on CLASSE computers, we have deployed a condfidential data scanning tool on CLASSE-managed Windows and Mac computers. This tool identifies confidential information by scanning hard drives and websites at regular intervals, producing lists of files that may potentially contain confidential data. These lists are also logged on a central server operated by Cornell Information Technologies (CIT). In certain cases, filenames may be forwarded to CLASSE-IT for further investigation or remediation.
Many of the printers at CLASSE
are centrally managed via a CUPS print server, which logs the user ID, filename, page count, timestamp, and queue for each print job. The contents of the files being printed are not stored permanently anywhere on our systems, although some of our printers (depending on the model) may save the file contents to their local hard drives.