Re: [Fed-Talk] Privacy policies and logging records
Re: [Fed-Talk] Privacy policies and logging records
- Subject: Re: [Fed-Talk] Privacy policies and logging records
- From: Todd Heberlein via Fed-talk <email@hidden>
- Date: Tue, 5 Dec 2023 11:50:00 -0800
Thanks.
I remember getting pushback early on in my career when users discovered how
much we could know about what they were doing.
Apple’s new system extension technologies are opening up new logging
possibilities. I find myself spending a fair amount of time looking at what
applications are sending about me and my system over the network - as a user,
it is a little concerning to see how much the application providers are
collecting. :-)
Todd
> On Dec 5, 2023, at 11:26 AM, Rowe, Walter P. (Fed) via Fed-talk
> <email@hidden> wrote:
>
> The login banner tells you that you have no reasonable expectation of privacy.
>
>> You are accessing a U.S. Government information system, which includes: 1)
>> this computer, 2) this computer network, 3) all Government-furnished
>> computers connected to this network, and 4) all Government-furnished devices
>> and storage media attached to this network or to a computer on this network.
>> You understand and consent to the following: you may access this information
>> system for authorized use only; unauthorized use of the system is prohibited
>> and subject to criminal and civil penalties; you have no reasonable
>> expectation of privacy regarding any communication or data transiting or
>> stored on this information system at any time and for any lawful Government
>> purpose, the Government may monitor, intercept, audit, and search and seize
>> any communication or data transiting or stored on this information system;
>> and any communications or data transiting or stored on this information
>> system may be disclosed or used for any lawful Government purpose. This
>> information system may contain Controlled Unclassified Information (CUI)
>> that is subject to safeguarding or dissemination controls in accordance with
>> law, regulation, or Government-wide policy. Accessing and using this system
>> indicates your understanding of this warning.
>
>
> Walter
> --
> Walter Rowe, Division Chief
> Infrastructure Services Division
> Mobile: 202.355.4123
>
>> On Dec 5, 2023, at 2:00 PM, Todd Heberlein via Fed-talk
>> <email@hidden> wrote:
>>
>> Hi all,
>>
>> Does the federal government have any guidance on privacy policies on what
>> can be logged?
>>
>> We are using Apple’s network system extension for macOS, and it collects a
>> fair amount of information. I was wondering if the government has any
>> policies that would say whether capturing this level of detail is permitted
>> or not.
>>
>> As an example in the screenshot below, box (1) shows information a typical
>> network monitor (e.g., Zeek or NetFlow) could collect on an encrypted
>> connection, and box (2) shows additional details Apple’s network system
>> extension can collect on the Mac for that connection (e.g., the URL passed
>> over the encrypted connection) even without MITM decryption.
>>
>> <Traffic-for-fedtalk-annotated.png>
>>
>>
>>
>> Any pointers on policies would be appreciated. Thanks,
>>
>> Todd
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden