Use of Administrative Privileges to Access User-Owned Data and Systems
Users are notified, in accordance with the Regulation of Investigatory Powers Act 2000, that private data (including email) may sometimes be examined in the course of investigating a malfunction or the suspected misuse of computer systems or the network. This page details the procedures for such investigations.
There are also many occasions when it would be convenient for one user if computer staff accessed another user’s data on their behalf. In most cases this does not fall within these guidelines and is not allowed (see also the University policy on this for further details).
When Investigations May Take Place
Access by the Department’s Computer Staff using administrative privilege to resources/information on computers (whether belonging to the department, or connected, permanently or otherwise, to its data network) will take place under the following conditions:
1. Automated scanning of systems for security holes or evidence of attacks: there will be no advance warning or notification to users of specific scans, and the only records normally kept of these administrative accesses will be the logs produced by the scanning software.
2. Access to user files necessary to ensure correct system operation (for example, scans for, and correction of, user configuration settings where these may cause security problems, incorrect operation of system software, or require adjustment for new versions of software): this will normally be treated as in 1 above (although users may be notified of changes); the protocol in 3 below will be used if non-routine procedures are required and these may reveal sensitive or confidential data to computing staff.
3. Any other use of administrative privilege that may result in examination of non-system (i.e. user-owned) data, including files and transient data within the system or network:
   a. At the request of the relevant user: may be done at any time and requires no further notification or logging of the use of administrative privilege. Appropriate steps must be taken, by the user and the system administrator involved, to ensure that both clearly understand what data and resources may need to be accessed.
   b. At the request of an appropriate authority: all users whose data is affected will be notified and all administrative accesses will be logged.
   c. In order to investigate security or operational problems (e.g. evidence of unauthorised access; a possible breach of relevant rules, regulations, or laws; or excessive use of resources): authority is required, all users whose data is affected will be notified, and all administrative accesses will be logged.
A general principle is that computer staff will only access potentially sensitive or confidential data where it is necessary for the maintenance, repair or security of the computer systems concerned or to enable the legitimate business of the University to continue in the absence of the owner. Such data will never be disclosed to others without appropriate need and authorisation.
Obtaining Authorisation, Logging Use and Notification
Authorisation must be obtained before administrative privilege is used, and logging must start immediately; notification, however, may occur after the fact (and potentially some time after the fact). The one exception concerns emergencies: if an individual with administrative privilege believes that an emergency requires access that would otherwise need authorisation in advance, and waiting for that authorisation might result in loss of and/or damage to our or other sites’ systems or data, they may proceed in advance of authorisation, but must establish authorisation as soon as possible.
Administrative privilege includes (but is not limited to) the use of Unix root accounts and of Windows NT administrator accounts, privileges and domains. Problem resolution sometimes requires Computer Staff to temporarily assume the identity and privileges of a user (e.g. via the Unix “su” command). All access to data and resources conferred by such mechanisms will be handled according to the procedures laid down here.
The following may give permission for administrative privileges to be exercised: the Head of Department; a Deputy Head of Department; a Head of Division; the Head of the Information and Computing Service (ICS). In each case they will keep a record of permission being granted and will be kept informed of the way in which the administrative privileges are being used and of the outcome of the investigation.
It should also be noted that the Regulation of Investigatory Powers Act 2000 defines certain circumstances in which we can be required to disclose intercepted data to law enforcement and other agencies.