The respect of your privacy when you use our IT services is of main concern to ITServ. In that respect, we would like to outline the rules and procedures which we strictly follow:
The privacy of e-mail is _strictly_ respected by those ITServ staff members who have administrative access to the mail servers. Administrative access is tightly controlled, passwords are changed whenever a staff member quits or looses his/her access.
The contents of e-mail is _never_ looked at by anyone, except on very rare occasions, and only at the explicit request of the owner of the mailbox and with him/her being present (this is done for troubleshooting purposes)
For the troubleshooting of problems, tracking of abuse and security-related cases, only e-mail and web traffic logs are routinely inspected. These logs include the following information:
- For mail: date, sender, recipient(s) and size of contents
- For web: client IP address, opened URL, size of contents
They do _not_ include any part of the contents of e-mail or web pages. This information is only disclosed to third parties in one of the following cases: - To back our statements when people report problem sending/receiving e-mail, and to the owner of the concerned mailbox only
- As evidence of abuse cases, to the suspected offending user and to the AIT Administration upon written request
Abuse is defined precisely as a violation of the Acceptable Usage Policy. Each AIT user signs in order to obtain an e-mail account and authorised access to
the network resources. A copy of this AUP can be found here
Security cannot be stronger than what you, users, make it: improperly chosen passwords, unsecured access to your desktop or passwords written on sticky notes open your e-mail to unwanted readers or people abusing your identity. This defeats all security measures we take to protect your privacy.
Last but not least, our servers are carefully kept up-to-date regarding software security vulnerabilities, and are protected by network filtering, access control and monitoring of events. This is being done up to the maximum of the resources we have for these tasks. It is believed that the level of protection we have now is quite comparable to what exists in most large universities, even in the western world.
Access to private information such as e-mail contents without the explicit authorization of its rightful owner would be an extremely serious offense and goes against the root ethics of the IT professionals we are. We strongly recommend that whoever might think that he/she has evidence to back cases of violation of privacy immediately report to the proper authorities for investigation.