Does the janitor have access to your confidential computer files? Clip art licensed from DiscoverySchool.com
A colleague of ours — an academic at another university — is faced with the following situation, which provides both the title and the inspiration for this post.
Our colleague, whom we will call Alice, is the recipient of a large grant to fund a research project examining psychological and genetic variables in a large population sample. As part of the research, data are collated from a range of genetic and psychological tests as well as on past sexual behaviour and current antibody status to several diseases.
Alice would like to store her data on a computer. Indeed, given the vast amount of information being collected, and the analyses that will ultimately be done, it is difficult to imagine that the data would be stored in any other way.
Alice has guaranteed to the granting body, to her volunteer subjects and to the university that the data will be held securely, in confidence, and that only those people who need to have access to the data will be able to access it. Such a guarantee is also implicit in various Australian laws. But Alice has a problem — geek power. Alice’s computer was purchased, using her grant funds, by her university’s IT department because the university requires that all IT purchases be made this way. The IT department has installed a popular operating system on the computer. The particular operating system allows one or more users of the computer to be given special privileges which will allow those users to change the usage rights (“permissions”) of other users, and to access and change any files stored on the computer. Users with such status are sometimes referred to as “administrators”, “super-users”, and “root password holders”. Readers should note that most Unix®, Linux®, and Windows XP® systems, as well as others, fit this description.
Alice now has a problem. The university IT department will neither (a) disclose to Alice the administrator password for her own machine, (b) surrender their own Administrator privileges on Alice’s machine, nor (c) give her the privileges associated with being an Administrator. The results of this denial are manifold, but all derive from the fact that Alice cannot be sure of the integrity, confidentiality or security of any of her data: whoever holds the Administrator privileges can read, alter or delete any file on the machine, and Alice has no way of knowing when that has happened.
One method of securing data is to render it indecipherable to an unauthorized person by using suitable cryptographic software, but Alice cannot install such software on her machine, because only an Administrator can install new software so that it functions correctly. Furthermore, even were Alice able to install the software, she would have no way of preventing or discovering whether the software had subsequently been subverted in a way that destroyed the security it purported to give: an Administrator can replace or modify the program, or the operating system beneath it, without leaving any trace that Alice could detect from her unprivileged account. The covert alteration of software is hardly a far-fetched idea; many of the recent computer viruses that have plagued users do precisely this.
Lest anyone suggest that the situation Alice faces is the same as that faced by an office that gives access to a janitor, we should point out that this is not so. A paper-based office can lock files in a drawer, a filing cabinet, or a safe if need be. The janitor who cleans and tidies a bank does not have automatic access to the vault; and it is not the janitor who decides where the bank manager can and cannot go. Geek power is the exact reverse of janitorial power, though we would argue that they should be the same.
IT departments do not exist because they are a desirable feature of a research institution in and of themselves. Rather, they are a service department, and however sophisticated the service that they provide might become, they would have no raison d’être but for the utility of that service to the productive components of the university.
Contributors: Daniel D. Reidpath, Mark R. Diamond